Risk and Compliance Analyst
Conga is a fast-growing leader in the Digital Transformation category with over 11,000 customers, 750,000 users, and 1,300 five-star customer reviews. Conga’s Digital Document Transformation Suite creates outstanding ROI for our customers by automating business processes for digital data, documents, reporting, and contracts. As a top global Salesforce Strategic ISV with the #1 paid application on the Salesforce AppExchange, Conga has tremendous momentum. For example, our net dollar retention and NPS scores are industry leading.
With a global team of 500 employees, an experienced senior management team, strategic investors including Insight Venture Partners and Salesforce Ventures, a global headquarters in Broomfield, Colorado, and offices across the US, in London and in Sydney, Australia, Conga is poised to be one of the next great B2B SaaS success stories.
Reporting to the VP of Privacy and Compliance, this candidate will be responsible for assisting in the development, implementation, and management of an integrated risk framework for the company. They will be working closely with the information security, privacy and compliance teams, as well as individuals and groups across the organization. Other responsibilities in this role include developing and implementing Key Risk Indicators (KRIs); documenting and communicating procedures; assessing, evaluating and quantifying technology risks; supporting the implementation of IT GRC tools and projects; and coordinating risk treatment and mitigation plans. This candidate will need to have strong communication skills and feel comfortable speaking to and running meetings with high-level employees. This position will play a critical role in managing assigned compliance and IT risk management functions for Conga and support the development, implementation, and maintenance of a compliance and risk management program for a global technology service provider. This includes developing and maintaining policies, procedures, risk assessments and risk mitigation strategies. We hire talented, motivated people and hand them big problems to solve.
- Contribute to risk management strategy and manage risk mitigation projects or initiatives including implementation of software platforms as necessary
- Manage the organizational risk register, create department metrics dashboards, lead risk assessments, quantify and qualify risks for prioritization
- Implement and manage the appropriate controls, metrics and programs that allow Conga to meet its governance, risk and compliance objectives while minimizing impact to the speed of business.
- Apply qualitative and quantitative measures to calculate and support risk ratings.
- Lead vendor due diligence and risk management program, meetings, processes and evidence for audit
- Perform risk qualification and quantification, risk management program maturity model benchmarking
- Stay abreast of changes in the risk management and compliance landscape affecting Conga’s risk posture and recommend mitigation or remediation strategies
- Participate in audits, incident management, and business continuity and disaster recovery exercises as needed
- Develop a policy, procedure, and documentation management plan; engage as an SME in creating security policies, procedures, and standards; and manage organizational documentation through its lifecycle, ensuring the security, accessibility, and proper distribution of organizational documents
- Assist in developing and maintaining an online digital library of security and compliance documents; organizing them logically for easy retrieval.
- Assist in editing and publishing of corporate policies related to IT Security and IT Compliance; coordinate with subject experts for content reviews.
- Help develop and enforce documentation design, review, and storage guidelines
- Meet strategic information security, privacy, compliance and risk management objectives through the development of policies, procedures, plans, training, and/or other initiatives
- Assist in the design and monitoring of practices in place to adhere to information security policies, procedures, and standards required by contractual agreements, regulations, and legislation
- Other duties as assigned
- 2-4 years of work experience in a technology environment or risk management role
- Bachelor’s degree or equivalent work experience
- Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly determine, evaluate, and report on technology risk levels at the project and enterprise level.
- Maintain updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, ISO, GDPR, SOX, etc.
- Strong project management, meeting/call management skills
- Familiarity with cloud-based IT environments
- Excellent communication skills
- Proven ability to effectively handle and prioritize multiple and complex projects simultaneously in a quickly changing environment
- Ability to work well in cross-functional teams, including software engineers, marketing, account management, sales operations
- Familiarity with various compliance programs and requirements such as ISO 27001/2, SOC 2, NIST, COSO, CoBIT, and other information security or risk management standards
- Certifications in CRISC, PMI-RMP, ISO implementation beneficial
All your information will be kept confidential according to EEO guidelines.