
[Remote] Sr Security Analyst - Risk and Compliance

Remote, USA Full-time Posted 2026-06-16

Note: This is a remote job open to candidates in the USA. Quickbase is on a mission to eliminate Gray Work, empowering organizations with its Dynamic Work Management platform. The Senior Security Analyst, Compliance & Risk will ensure security compliance, manage risk activities, and act as a liaison between Security and the Governance, Risk, and Compliance organization.

Responsibilities

  • Serve as the Security team's primary point of contact for SOC 1, SOC 2, ISO 27001, HIPAA, and other compliance audits
  • Partner with internal and external auditors to support evidence collection, walkthroughs, testing activities, and remediation efforts
  • Ensure Security-owned controls are operating effectively and remain audit-ready throughout the year
  • Coordinate remediation activities for audit findings, control deficiencies, and security gaps
  • Maintain control documentation, evidence repositories, and audit artifacts
  • Maintain and support the lifecycle of security policies, standards, procedures, and operational documentation
  • Ensure security governance documentation remains aligned with business, regulatory, and compliance requirements
  • Support policy reviews, approvals, and periodic updates
  • Conduct security risk assessments for technologies, business initiatives, vendors, and emerging risks
  • Maintain Security-owned risks within the enterprise risk management program
  • Facilitate risk acceptance, exception management, and remediation tracking processes
  • Develop security risk reporting and metrics for Security leadership
  • Perform security reviews and risk assessments of vendors, SaaS providers, AI technologies, and strategic partners
  • Partner with Procurement, Legal, Privacy, and business stakeholders during vendor onboarding and renewals
  • Support M&A security due diligence and integration activities when required
  • Support customer security assessments, due diligence requests, and security questionnaires
  • Maintain customer-facing security documentation and trust artifacts
  • Assist with Trust Center content and security assurance initiatives
  • Partner with Sales and Customer Success teams to address customer security concerns
  • Support security awareness initiatives, phishing simulations, and compliance training activities
  • Measure program effectiveness and identify opportunities for improvement
  • Promote a strong security culture across the organization
  • Leverage GRC and security tooling to improve compliance visibility and operational efficiency
  • Identify opportunities to automate evidence collection, control monitoring, reporting, and risk tracking
  • Utilize AI-enabled capabilities to improve audit readiness, reporting quality, workflow efficiency, and continuous compliance activities
  • Develop metrics and dashboards to support executive reporting and program maturity

Skills

  • 5–9 years of experience in cybersecurity, security compliance, governance, risk management, audit, security assurance, or related security functions within SaaS, cloud-native, or technology organizations
  • Hands-on experience supporting or leading SOC 2, SOC 1, ISO 27001, HIPAA, GDPR, NIST, or similar compliance and security frameworks
  • Strong understanding of security controls, risk assessment methodologies, control testing, audit evidence management, and remediation tracking
  • Experience partnering with internal and external auditors and managing audit readiness activities across multiple concurrent compliance programs
  • Proven ability to drive security, compliance, and risk initiatives across cross-functional teams without direct authority
  • Experience conducting security reviews of vendors, cloud services, AI solutions, and third-party providers
  • Familiarity with GRC and compliance platforms such as Vanta, Drata, OneTrust, AuditBoard, or similar solutions
  • Strong understanding of cloud security concepts and controls across AWS, Azure, and/or GCP environments
  • Excellent analytical, organizational, written, and verbal communication skills, with the ability to communicate effectively with technical and non-technical stakeholders
  • Experience supporting customer security assessments, security questionnaires, Trust Center activities, or enterprise sales security reviews
  • Experience working in high-growth SaaS, private equity-backed, or regulated environments
  • Professional certifications such as CISA, CISSP, CISM, CRISC, ISO 27001 Lead Implementer, or equivalent
  • Experience leveraging automation, AI-enabled workflows, or continuous control monitoring solutions to improve compliance and operational efficiency

Benefits

  • Bonus/commission eligibility
  • Access to a full benefits package including health insurance, 401k, paid time off, etc.

Company Overview

  • Quickbase helps organizations see, connect and control every element of complex projects. It was founded in 1999 and is headquartered in Boston, Massachusetts, USA, with a workforce of 501-1000 employees. Its website is http://quickbase.com.

Company H1B Sponsorship

  • Quickbase has a track record of offering H1B sponsorships, with 3 in 2026, 8 in 2025, 5 in 2024, 5 in 2023, 8 in 2022, 5 in 2021, 5 in 2020. Please note that this does not guarantee sponsorship for this specific role.