Associate Risk and Compliance Engineer
Our Security teams support the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security and strive to ensure we provide low friction high-impact security across everything we do.
As a key member of the Risk and Compliance Team, you understand that building customer trust is critical to Slack’s success. You are passionate about information security risk management, privacy and maintaining customer confidence. You have the focus and organization to champion the adoption of sound security practices across all of Slack’s business and engineering teams. You are passionate about learning, building, and sustaining processes to address new regulatory, compliance, and customer requirements and jump at the chance to use your technical knowledge to answer customer questions. In this role, your work will directly impact the way millions of users, teams and businesses get things done. We are seeking a motivated individual that is not only focused on delivering results but does so in a collaborative and courteous manner.
What you’ll be doing:
- Assist in the development and maintenance of the customer trust program for the Risk and Compliance team; including the development of customer-facing documentation and responses regarding Slack’s information security, compliance and regulatory programs.
- Respond to customer information security and/or compliance inquiries and audits.
- Assist with maintaining various regulatory and compliance attestation and/or certification programs
- Collaborate with engineering and business technology (IT) counterparts to improve network and infrastructure security to better secure customer data.
- Partner with legal and policy counterparts to create policies and artifacts that support compliance programs.
What you should have:
- Understanding of basic cloud and security concepts
- General understanding of SOC 2, FedRAMP, NIST, ISO 27001/27017/27018, HIPAA, HITRUST, or Sarbanes Oxley IT General Controls.
- Ability to work independently with excellent time management, attention to detail, and other related organizational skills while interacting with stakeholders across multiple time zones.
- Experience effectively working with multiple cross-functional stakeholders to reach a desired outcome.
- Effective communication with great interpersonal and presentation skills; writing and speaking well to translate complex issues into simple language that people who are not experts can understand.
- Security+, CCSK, AWS Security, or other security industry certification and/or Bachelor’s Degree
Slack is an Equal Opportunity Employer and participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Slack will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.
Slack is a layer of the business technology stack that brings together people, data, and applications – a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work. From global Fortune 100 companies to corner markets, businesses and teams of all kinds use Slack to bring the right people together with all the right information. Slack is headquartered in San Francisco, CA and has offices around the world. For more information on how Slack makes teams better connected, visit slack.com.
Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack’s values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a pleasant and supportive place to work.
Come do the best work of your life here at Slack.