Security Engineer - Risk and Compliance
Our Security teams support the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do.
As a key member of the Risk & Compliance Team, you understand that building user trust is critical to Slack’s success. You are passionate about information security risk management, privacy and maintaining customer confidence. You have the focus and organization to champion the adoption of sound security practices across all of Slack’s business and engineering teams. You get passionate about learning new legal policy frameworks, building processes to address new regulatory and compliance requirements, and jump at the chance to use your technical knowledge to answer customer questions. You are delighted your work directly impacts the way millions of users, teams and businesses get things done.
- Build and maintain a formalize customer inquiries program for the Risk & Compliance team; including the development of any customer facing documentation and responses regarding Slack’s information security, compliance and regulatory programs.
- Manage and respond to all customer information security or compliance inquiries and
- Assist with maintaining various regulatory and compliance attestation and/or certification
- Codify and raise awareness of internal security policies and practices
- Improve and maintain the following information security program components:
- IT Risk methodology & processes, risk assessments and treatment plans
- Risk & compliance program, documentation, and assessment calendar,
- Security Training & Awareness Program
- Vendor risk management
- Collaborate with operations and IT counterparts to improve network and infrastructure
security to better secure customer data
- Partner with legal and policy counterparts to create policies and artifacts that support
- Extensive experience in managing customer information security, compliance and regulatory inquiries and audits.
- Experience interacting directly with both enterprise and small business customers
- Experience implementing, participating in, or conducting security assessments of compliance programs (e.g.: SOC 2, FedRAMP, ISO 27001, HIPAA, etc.)
- Ability to work independently, communicating across multiple time zones
- Experience working with a broad array of multi-functional partners
- Familiarity with generally-accepted security methods, concepts and techniques
- Understanding of underlying Slack infrastructure including AWS, GCP, Chef, JAMF, ELK, etc.
- Effective communication with great interpersonal and presentation skills, writing well to translate complex issues into simple language that people who are not experts can understand
- Bachelor’s degree in computer science or equivalent educational or professional experience and/or qualifications
- CISA or CISSP
- 2+ years of information security experience
- 2+ years of experience with information technology audits and assessments
- Excellent time management and related organizational skills
Slack is where work happens. It connects you with the people and apps you work with every day, no matter where you are or what you do. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.
Launched in February 2014, Slack is the fastest growing business application ever and is used by thousands of teams and millions of users every day. Slack's investors include many of the best-recognized firms in the world, including Accel Partners, Andreessen Horowitz, Social+Capital, KPCB, Google Ventures, Horizons Ventures, IVP, Spark Growth, DST, and Index Ventures. We currently have eight offices worldwide, in San Francisco, Vancouver, Dublin, Melbourne, New York, London, Tokyo, and Toronto.
Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack's values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a fun place to work. Come do the best work of your life here at Slack.