• The position requires a strong compliance acumen, business partnering skills, attention to detail, and ability to understand and implement compliance best practices in a complex technology environment
• 5 years experience working with technology governance, internal controls, and compliance activities such as ISO 27001/17/18, SOC 2, PCI, HIPAA, FedRAMP, HITRUST
• 2 years of experience working with HITRUST CSF (Common Security Framework) standards and conducting HITRUST assessments, audits, and remediation efforts
• Proficient with audit testing best practices and relevant documentation standards
• Demonstrated risk management and compliance experience across a broad range of technical areas relevant to SaaS environments: i.e. access management, software development lifecycle, secure coding principles, security architecture, information security, and network security

Desirable

• A phenomenal opportunity exists within Medallia’s Risk & Compliance Team as we are looking for a Senior Staff GRC (Governance, Risk, and Compliance) Analyst to drive compliance maturity and risk management in an ever-evolving SaaS landscape
• At the forefront of technological advancements and innovation, this role is pivotal in shaping the way we ensure security and compliance across our services
• As we continue to build and scale, this role’s impact will be critical to our platform, ensuring our growth is matched by the strength of our control environment
• Act as subject matter expert on compliance and regulatory frameworks
• Advise key stakeholders and management on best practice control design and implementation
• Coordinate and lead multiple IT security audits and compliance governance activities across the company
• Build and maintain Medallia’s unified controls matrix, in alignment with multiple compliance frameworks including SOC 2, ISO 27001/27701/27017/27018, PCI, HITRUST and HIPAA
• Expertise in HITRUST CSF (Common Security Framework) standards and experience conducting HITRUST assessments, audits, and remediation efforts
• Develop and maintain Medallia’s policies, procedures, and standards in collaboration with internal teams
• Collaborate with teams across Medallia, validate that security controls are implemented and develop recommendations to remediate control deficiencies
• Identify and oversee implementation of scalable security control enhancements that reduce risk and increase performance efficiency across diverse technical environments
• Develop employee facing technical documentation, internal wiki pages, periodic security oriented communication to spread awareness about Information Security policies and standards
• Develop and maintain AI policies and collaborate with internal and external teams on implementation
• Coach more junior members of the team on complex projects and governance, risk and compliance best practices, as needed