Senior Compliance Specialist in Zuora

Our Information Technology (IT) team is Zuora’s internal engineering organization, responsible for creating technology experiences that connect our teams, drive business alignment and build a stronger, more collaborative work “place.” With a cloud-first approach, we empower our global ZEOs with increased productivity and self-service to enable company growth, scale, and flexibility while hardening our security and compliance posture. Zuora is looking for a Senior Security Engineer with expertise in Application Security and DevSecOps to join our application security & security engineering team.

The role of a Compliance Engineer is to work with our Trust and Compliance team to: 

• Drive security compliance efforts from the beginning to the end by maintaining a positive relationship with both internal and external stakeholders
• Maintain compliance documentation, including audit evidence, controls, and vendor security reviews
• Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks (PCI, SOC, ISO 27XXX, HIPAA, GDPR, etc) 
• Monitor the performance of the compliance program through the development of and maintenance of automated systems.
• Work with cross-functional teams to identify risks and gaps in our compliance controls and facilitate remediation across our products and infrastructure.
• Assist with completing security questionnaires from customers and answering customer questions with respect to compliance; work with the internals team to create customer collateral to educate internal staff and aid in the sales process
• Assist with requesting/reviewing security questionnaires/contracts from vendors and identify security risks and gaps in the compliance controls to aid in the procurement process
• Develop automation of risk management, control execution, and monitoring

• 3+ years of experience with a demonstrated track record of success in GRC, internal audit, security, and/or privacy space. 
• Knowledge of various compliance frameworks (PCI, SOC2, ISO 27001, ISO 27018, HIPAA, GDPR, etc.) 
• Strong experience with any scripting languages like Ruby, Python, Unix shell, bash, etc.
• Functional knowledge of multiple security domains and information security industry standards and best practices
• Experience leading 3rd party risk management programs, including responding to customer security questionnaires, interacting directly with customer sales and security teams, and reviewing vendor security
• Solid experience managing compliance initiatives for cloud platforms and interacting with external auditors
• Strong project management skills 
• Strong written and verbal communication skills

• A mix of experiences at a Big Four (or similar) audit or consulting firm and at an in-house governance, risk, and compliance function at a SaaS company
• Industry-recognized certification in security ISO 27001 LA / LI D desire to pursue CISSP, CISA, CISM, CCSK, etc. in 6 months.
• Experience working in an international/global organization