Risk & Compliance Engineer - Vendor Risk

Our Security teams support the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low-friction, high-impact security across everything we do.

As a member of the Risk & Compliance Team, you understand that building user trust is critical to Slack’s success. You challenge Slack's vendors to meet the same high standards we hold ourselves to and help them to evolve their security practices to meet our customers' expectations. You are passionate about privacy and maintaining customer confidence. You have the focus and organization to champion the adoption of sound security practices across all of Slack’s business and engineering teams. You get passionate about learning new legal policy frameworks and building processes to address new regulatory and compliance requirements, and you jump at the chance to use your technical knowledge to answer customer questions. You are happy your work directly impacts the way millions of users, teams and businesses get things done.


  • You will develop and maintain various regulatory and compliance attestations and/or certifications of Slack’s information security program
  • You will modify and raise awareness of internal security policies and practices, especially Slack's vendor risk management program
  • You will improve and maintain the following information security program components:
    --Establish or enhance security risk methodology & processes
    --Perform risk assessments and execute treatment plans with internal stakeholders and vendors
    --Craft compliance documentation and monitor consistency with policies and standards
    --Build and operate a security training & awareness program relating to the vendor risk management program
    --Partner with business, engineering, and IT counterparts to monitor or improve the conformance of vendors/third party security controls to better secure our internal or customer data
    --Partner with legal and policy counterparts to review vendor/third party contracts and ensure such clauses/requirements adhere to Slack's information security programs and controls


  • You have experience addressing technical policy, compliance and regulatory issues
  • You have experience implementing, participating in, or conducting security assessments of compliance programs (e.g., SOC 2, FedRAMP, ISO 27001, HIPAA, PCI DSS, FINRA)
  • You have the ability to work independently, communicating across multiple time zones
  • You have experience working with a broad array of multi-functional partners
  • You are familiar with generally-accepted security methods, concepts and techniques
  • You use effective communication with great interpersonal and presentation skills, writing well to translate complex issues into simple language that people who are not experts can understand
  • You have experience interacting directly with both enterprise and small business customers

Bonus Points

  • Bachelor’s degree in computer science or equivalent educational or professional experience and/or qualifications
  • CISA, CISSP, or equivalent
  • 2+ years of information security experience
  • 2+ years of experience with information technology audits and assessments
  • Excellent time management and related organizational skills

Slack is where work happens. It connects you with the people and apps you work with every day, no matter where you are or what you do. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.

Launched in February 2014, Slack is the fastest growing business application ever and is used by thousands of teams and millions of users every day. Slack's investors include many of the best-recognized firms in the world, including Accel Partners, Andreessen Horowitz, Social+Capital, KPCB, Google Ventures, Horizons Ventures, IVP, Spark Growth, DST, and Index Ventures. We currently have eight offices worldwide, in San Francisco, Vancouver, Dublin, Melbourne, New York, London, Tokyo, and Toronto.

Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack's values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a fun place to work. Come do the best work of your life here at Slack.