Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases. Founded in 2012 by the people behind the Elasticsearch, Kibana, Beats, and Logstash open source projects, Elastic's global community has more than 80,000 members across 45 countries, and since its initial release, Elastic's products have achieved more than 100 million cumulative downloads. Today thousands of organizations, including Cisco, eBay, Dell, Goldman Sachs, Groupon, HP, Microsoft, Netflix, The New York Times, Uber, Verizon, Yelp, and Wikipedia, use the Elastic Stack, X-Pack, and Elastic Cloud to power mission-critical systems that drive new revenue opportunities and massive cost savings. Elastic is backed by more than $104 million in funding from Benchmark Capital, Index Ventures, and NEA; has headquarters in Amsterdam, the Netherlands, and Mountain View, California; and has over 800 employees in more than 30 countries around the world.
We are looking for a Senior Security Risk and Compliance Analyst to join the Information Security Team at Elastic. If you are someone who has a passion for the process of improvement, automation, and efficiency, and loves the fast pace of DevOps culture, then this is the job for you. This is a new role focused on developing and improving our internal risk & compliance processes at Elastic, primarily in the fields of information security and data privacy.
- Audit and Compliance:
- Assess, formulate and monitor internal compliance requirements, primarily in the fields of InfoSec and data privacy, working towards process efficiency and fit whenever possible.
- Manage audit requirements and deliverables for multiple compliance audits related to certification under various security standards (e.g. ISO 27001, SOC 2, etc.) and/or customer data privacy assessments (GDPR).
- Work on 3rd party risk assessments and compliance requirements for our vendor risk program and manage the review cycle.
- Assist with development and implementation of policies and procedures that align with ISO 27001 standards and with data processing standards applicable to Elastic’s processing of personal data under GDPR.
- Work with stakeholders to coordinate remediation projects as required and report on progress to management.
- Customer interaction:
- Support potential clients and customers by answering inquiries about Elastic’s data privacy and security and compliance practices.
- Coordinate responses to customer questionnaires by working with internal Elastic stakeholders.
- Optimize the program for efficiency.
- Work effectively with partners in IT, Finance, Legal, Engineering, and Product to assess security compliance requirements and recommend policies & practices in support of the company’s compliance initiatives.
- Demonstrate ability to engage at sufficient technical depth with our products.
- As a member of the InfoSec team, your position may include other responsibilities in the information security program, such as assisting with vulnerability scan remediation and updating risk assessments.
- Assist with coordinating security and privacy awareness training throughout Elastic.
- BA or BS or a higher degree in a technical field (e.g. EE, CS)
- 2+ years of experience working on compliance audits for SaaS platforms, including SOC 2 Type 2 and/or ISO 27001.
- 5 years of meaningful work experience across engineering and IT organizations, including security incident response, threat analytics, security operations, and security risk management.
- Working knowledge of common audit and compliance tools and requirements.
- Demonstrated ability to operate effectively at a dynamic company and embrace change.
- Technical aptitude and extreme attention to detail
- Excellent spoken and written communication skills
- Familiarity with GitHub
Preferred skills and experience:
- CISA, CRISC, CISSP, CCSP, CIPP, or similar certification.
- Experience with Open Source and the Elastic Stack.
- Familiarity with cloud technologies (such as AWS, Azure, and GCP).
- Competitive pay and benefits
- Stock options
- Catered lunches, snacks, and beverages in most offices
- An environment in which you can balance great work with a great life
- Passionate people building great products
- Distributed-first company with employees in over 27 countries, spread across 18 time zones, and speaking over 30 languages!
- Some travel may be required
Target locations: Washington D.C.; New York, NY; London, UK; Amsterdam, The Netherlands
Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.