Zip
Join to apply for the
Security Compliance Analyst
role at
Zip
The simple task of buying software, services, or tools at work has become hopelessly complicated at even the most innovative companies in the world. Today, enterprises spend $120T+ per year globally (>30 times larger than annual consumer e-commerce spend) and rely on vendors more than ever before to run their businesses. Our cofounders started Zip in 2020 to address this seemingly intractable problem with a purpose-built procurement platform that provides a simple, consumer-grade user experience. Within the last 4 years, Zip has created a new category and developed the leading solution in this $50B+ TAM space. Today, the world’s leading companies like OpenAI, Snowflake, Anthropic, Coinbase, and Prudential rely on Zip to manage billions of dollars in spend. We have a world-class team coming from category-defining companies like Airbnb, Meta, Stripe, Salesforce, Apple, and Google. With a $2.2 billion valuation and $370 million in funding from Y Combinator, Tiger Global, BOND, DST Global, and CRV, we’re focused on developing cutting-edge technology, expanding into new global markets, and—above all–driving incredible value for our customers. Join us!
Your Role The Security & Compliance team at Zip is committed to providing a high level of security assurance to customers, aligning security goals with business objectives and customer requirements. As a GRC Analyst at Zip, you’ll be a key driver for ensuring the success of compliance programs at a fast-growing company. Your contributions will be pivotal to the overall growth and competitive edge of Zip’s GRC program. You’ll ensure we can securely and compliantly build new features, help design and scale the compliance programs that power our expansion, from supporting new certifications to enabling secure AI development and entry into new markets like the EU and U.S. Federal sector.
You Will
Drive and perform periodic compliance-related activities, such as user access reviews, internal audits, and third party risk management
Develop, implement, and improve core compliance projects, such as leading security awareness training initiatives and helping drive adoption of best practices across the company
Curate responses for customer due diligence and security questionnaires and maintain our security knowledge base
Collaborate with internal stakeholders and external auditors to support third party audits including SOC 1, SOC 2, and ISO 27001
Develop, maintain, and lead the adoption of security policies, standards, and guidelines to ensure compliance with applicable regulatory requirements
Qualifications
Bachelor’s degree in a related field
2+ years of experience in GRC, information security consulting, cybersecurity risk, audits, or similar roles
Strong written and verbal communication skills with both technical and non-technical stakeholders
Familiarity with and participation in one or more of the following frameworks: ISO 27001, SOC 1, SOC 2, FedRAMP, PCI DSS
Familiarity with information security fundamentals for cloud software systems
Nice to Haves
Professional certifications in information security are a plus but not required
The salary range for this role is $95,000 - $150,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise.
Perks & Benefits
Start-up equity
Full health, vision & dental coverage
️ Catered lunches & dinners for SF employees
Commuter benefit
Team building events & happy hours
Flexible PTO
Apple equipment plus home office budget
401k plan
#J-18808-Ljbffr
Security Compliance Analyst
role at
Zip
The simple task of buying software, services, or tools at work has become hopelessly complicated at even the most innovative companies in the world. Today, enterprises spend $120T+ per year globally (>30 times larger than annual consumer e-commerce spend) and rely on vendors more than ever before to run their businesses. Our cofounders started Zip in 2020 to address this seemingly intractable problem with a purpose-built procurement platform that provides a simple, consumer-grade user experience. Within the last 4 years, Zip has created a new category and developed the leading solution in this $50B+ TAM space. Today, the world’s leading companies like OpenAI, Snowflake, Anthropic, Coinbase, and Prudential rely on Zip to manage billions of dollars in spend. We have a world-class team coming from category-defining companies like Airbnb, Meta, Stripe, Salesforce, Apple, and Google. With a $2.2 billion valuation and $370 million in funding from Y Combinator, Tiger Global, BOND, DST Global, and CRV, we’re focused on developing cutting-edge technology, expanding into new global markets, and—above all–driving incredible value for our customers. Join us!
Your Role The Security & Compliance team at Zip is committed to providing a high level of security assurance to customers, aligning security goals with business objectives and customer requirements. As a GRC Analyst at Zip, you’ll be a key driver for ensuring the success of compliance programs at a fast-growing company. Your contributions will be pivotal to the overall growth and competitive edge of Zip’s GRC program. You’ll ensure we can securely and compliantly build new features, help design and scale the compliance programs that power our expansion, from supporting new certifications to enabling secure AI development and entry into new markets like the EU and U.S. Federal sector.
You Will
Drive and perform periodic compliance-related activities, such as user access reviews, internal audits, and third party risk management
Develop, implement, and improve core compliance projects, such as leading security awareness training initiatives and helping drive adoption of best practices across the company
Curate responses for customer due diligence and security questionnaires and maintain our security knowledge base
Collaborate with internal stakeholders and external auditors to support third party audits including SOC 1, SOC 2, and ISO 27001
Develop, maintain, and lead the adoption of security policies, standards, and guidelines to ensure compliance with applicable regulatory requirements
Qualifications
Bachelor’s degree in a related field
2+ years of experience in GRC, information security consulting, cybersecurity risk, audits, or similar roles
Strong written and verbal communication skills with both technical and non-technical stakeholders
Familiarity with and participation in one or more of the following frameworks: ISO 27001, SOC 1, SOC 2, FedRAMP, PCI DSS
Familiarity with information security fundamentals for cloud software systems
Nice to Haves
Professional certifications in information security are a plus but not required
The salary range for this role is $95,000 - $150,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise.
Perks & Benefits
Start-up equity
Full health, vision & dental coverage
️ Catered lunches & dinners for SF employees
Commuter benefit
Team building events & happy hours
Flexible PTO
Apple equipment plus home office budget
401k plan
#J-18808-Ljbffr