Postmates is looking for an Information Security Risk & Compliance Analyst focused on the evaluation of Postmates core services and infrastructure for compliance with the NIST Cybersecurity Framework (NIST CSF) and Sarbanes Oxley IT General Controls.
In this role, you will be responsible for evaluating and documenting internal controls, assisting with internal security reviews, and working with internal teams to address compliance and audit issues.
- Serve as a subject matter expert on industry standards and security compliance frameworks such as SOX Section 404 IT General Controls, NIST 800-53, PCI DSS, GDPR, and CCPA.
- Conduct security risk assessments of third-party vendor services.
- Support internal audits of Postmates Mobile and Web Applications for compliance with the NIST Cybersecurity Framework (NIST CSF), PCI DSS, GDPR, CCPA and Sarbanes Oxley IT General Controls.
- Interact with Postmates technology and business stakeholders to understand risks critical to infrastructure, define potential business impact, and establish corrective action plans.
- Prepare, validate and maintain security documentation including, but not limited to: Information Security Policies, Information Security Procedures, IT Compliance Corrective and Preventive Action Plans (CAPAs), Privacy and Business Impact Assessments (BIA/PIA), and Annual and Quarterly Compliance Audit Procedures.
- Prepare weekly reports for senior leadership on the status of Postmates internal controls.
- Competitive salary and generous stock option plan
- Medical, dental and vision insurance
- Whatever equipment you need to work efficiently and creatively
- Paid parental leave, vacation time, sick time, and volunteering time
- Catered lunches
- Impact-first work environment (no politics, no pandering)
- Huge company vision (we need you to build the future, not just maintain the status quo)
- Awesome office located in SOMA District just minutes from BART, Muni, AC Transit, and SamTrans