Security Analyst

Formstack improves people’s lives with practical solutions to their everyday work. We are looking for the next Stacker to help us accomplish this mission.

Formstack is a remote-first company with team members who live and work across the U.S. Canada and the globe. We offer more than just a job; we provide a community where you can learn grow and thrive your way. Join a dynamic and diverse team that values relationships as much as results. Come build what matters with Formstack.

Who You Are

We are seeking a motivated Trust & Compliance Analyst with a solid foundation in information security and compliance frameworks to join our growing team. This role is ideal for a self-motivated individual with a technical background and a keen interest in the fields of software customer trust compliance and information security. The role involves analyzing communicating and improving our risk environment and system of controls with a focus on alignment against key control frameworks and standards such as NIST 800-53 Trust Services Criteria PCI-DSS 4.0 HIPAA ISO 27017 and ISO 27701. The successful candidate will play a crucial role in reporting on control health maturity residual risk and remediation status and will collaborate across teams to enhance our compliance posture.

What You Will Do

• Understand analyze and report on the company's risk environment system of controls control health maturity residual risk and remediation status.

• Operate and contribute to the processes assessing alignment against key control frameworks and assurance standards evangelizing their importance across the organization.

• Maintain and continuously improve Trust Center content to support customer self-serve enablement and contribute to the creation and update of pre-filled questionnaires.

• Facilitate and support periodic security reviews for vendors and system access reporting on review status deviations and remediation efforts.

• Collaborate with internal teams to maintain effective security testing reporting and remediation practices including static and dynamic security testing and network penetration testing.

• Engage in professional development opportunities including completing specific product onboarding security training and certifications.

What We Are Looking For

• Proactive self-starter with a strong technical aptitude and excellent problem-solving skills.

• Exceptional written and verbal communication skills with a keen attention to detail.

• Demonstrated ability to manage projects and tasks with minimal supervision delivering results in a fast-paced environment.

• Strong collaborative spirit with the ability to work effectively across various teams and departments.

• A history of self-managed results showcasing a commitment to continuous learning and improvement.

• Bachelor’s degree in Information Security Computer Science or a related field or equivalent experience.

• Familiarity with security tech or engineering disciplines through diplomas certifications or relevant work experience.

• 2-4 years of experience in information security compliance or a related field in a healthcare SaaS environment with a solid understanding of compliance frameworks and standards.

• Experience with Python Bash Ruby or other scripting languages; familiarity with artificial intelligence data analytics cloud technologies and IT operations.

• Relevant certifications (e.g. CCSK CISM CISA CISSP) are highly desirable.

• An understanding of or experience with relevant security frameworks and standards.

• Must be fluent in written and spoken English

Bonus Points

• A strong research background or contributions to security and tech communities (e.g. meetups online forums publications open source projects).

• Experience working on a software or DevOps team including internships co-op placements or open-source projects.

• Any additional certifications or training relevant to information security such as CSA CCSK Plus or Portswigger Web Security Academy Apprentice Path.

• Salary Range: $70000 - $100000 USD/year

• Plus a potential annual bonus of up to 5% of the salary.

• This is a target starting cash range for a candidate who meets the minimum qualifications for this role. The final cash pay for this role will depend on a variety of factors including a specific candidate’s experience qualifications skills and projected impact.

• ***This is a remote position***

$70000 - $100000 a year

Please submit your resume and a cover letter highlighting your relevant experience and interest in the Trust & Compliance Analyst role. Include any certifications projects or community involvement that demonstrate your competencies and assets for this position.

What Formstack Offers for Full-Time Employees in the US and Canada:

- Competitive health plans Dental Vision Disability and Life Insurance Benefits for US and Canadian full-time employees.

- Monthly Health & Wellness and Technology stipends

- Half-day Fridays

- Unlimited PTO for all employees.

- 401k & Roth w/ safe harbor match (the US and Canada)

- The most up-to-date technology including company-issued Macs the latest software and other tools needed to excel at your job

- Company-paid conferences and extended learning opportunities

- Yearly company and team gatherings

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every qualification. Formstack is dedicated to building a diverse inclusive and authentic workplace. if you’re excited about this role but your experience doesn’t align perfectly with every qualification in the job description we encourage you to apply anyway. You may be just the right candidate for this or other roles.

Formstack is an equal-opportunity employer. We are passionately committed to equitable hiring and boldly dedicated to diversity in our work and staff. We do not discriminate in employment opportunities or practices based on actual or perceived race color religion national origin sex (including pregnancy childbirth or related conditions) age marital status sexual orientation gender identity or expression veteran status uniform service member status disability or any other characteristic protected by law. Women people of color bilingual and bicultural individuals LGBTQ+ persons and people with disabilities are encouraged to apply.

All data collected in our application process from resume collection to application questions is used for recruitment purposes only. We will store it in our applicant tracking system Lever and will not share this data with anyone else. We will keep your data until the role is filled and only continue to store it if we feel you may fit future roles.