Company Overview
At Zuora, we do Modern Business. We’re helping people subscribe to new ways of doing business that are better for people, companies and ultimately the planet. It’s an approach resulting from the shift to the Subscription Economy that puts customers first by building recurring relationships instead of one-time product sales and focuses on sustainable growth. Through our leading expertise and multi-product suite, we are transforming all industries and working with the world’s most innovative companies to monetize new business models, nurture subscriber relationships and optimize their digital experiences.
The Team & Role
The role of a Sr. Compliance Engineer is to work with our Trust and Compliance team to:
- Drive security compliance efforts from the beginning to the end by maintaining a positive relationship with both internal and external stakeholders
- Maintain compliance documentation, including audit evidence, controls, and vendor security reviews
- Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks (PCI, SOC, ISO 27XXX, HIPAA, GDPR, etc)
- Monitor the performance of the compliance program through the development of and maintenance of automated systems.
- Work with cross functional teams to identify risks and gaps in our compliance controls and facilitate remediation across our products and infrastructure.
- Assist with completing security questionnaires from customers and answering customer questions with respect to compliance; work with the internals team to create customer collateral to educate internal staff and aid in the sales process
- Assist with requesting/reviewing security questionnaires/contracts from vendors and identify security risks and gaps in the compliance controls to aid in the procurement process
- Develop automations of risk management, control execution and monitoring
WHAT YOU’LL NEED TO BE SUCCESSFUL
- 5+ years of experience with a demonstrated track record of success in GRC, internal audit, security, and/or privacy space.
- Knowledge of various compliance frameworks (PCI, SOC2, ISO 27001, ISO 27018, HIPAA, GDPR, etc.)
- Strong experience with any scripting languages like Ruby, Python, Unix shell, bash, etc.
- Functional knowledge of multiple security domains and information security industry standards and best practices
- Experience leading 3rd party risk management programs, including responding to customer security questionnaires, interacting directly with customer sales and security teams, and reviewing vendor security
- Solid experience managing compliance initiatives for cloud platforms and interacting with external auditors
- Strong project management skills
- Strong written and verbal communication skills
Nice to haves:
- A mix of experiences at a Big Four (or similar) audit or consulting firm and at an in-house governance, risk, and compliance function at a SaaS company
- Industry recognized certification in security ISO 27001 LA / LI or desire to pursue CISSP, CISA, CISM, CCSK, etc. in 6 months.
- Experience working in an international / global organization
#ZEOLife at Zuora
As an industry pioneer, our work is constantly evolving and challenging us in new ways that require us to think differently, iterate often and learn constantly—it’s exciting. Our people, whom we refer to as “ZEOs" are empowered to take on a mindset of ownership and make a bigger impact here. Our teams collaborate deeply, exchange different ideas openly and together we’re making what’s next possible for our customers, community and the world.
As part of our commitment to building an inclusive, high-performance culture where ZEOs feel inspired, connected and valued, we support ZEOs with:
- Competitive compensation, corporate bonus program and performance rewards, company equity and retirement programs
- Medical insurance
- Generous, flexible time off
- Paid holidays, “wellness” days and company wide end of year break
- 6 months fully paid parental leave
- Learning & Development stipend
- Opportunities to volunteer and give back, including charitable donation match
- Free resources and support for your mental wellbeing
Specific benefits offerings may vary by country and can be viewed in more detail during your interview process.
Location & Work Arrangements
Organizations and teams at Zuora are empowered to design efficient and flexible ways of working, being intentional about scheduling, communication, and collaboration strategies that help us achieve our best results. In our dynamic, globally distributed company, this means balancing flexibility and responsibility — flexibility to live our lives to the fullest, and responsibility to each other, to our customers, and to our shareholders. For most roles, we offer the flexibility to work both remotely and at Zuora offices.
Our Commitment to an Inclusive Workplace
Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all.
Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regards to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.
We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)zuora.com.