Recurly is a leading enterprise subscription billing platform that serves companies of all sizes including some of the largest Fortune 500 organizations in the world. We are seeking a motivated Sr. Security Compliance Analyst to join our team.

As a Senior Security Compliance Analyst on the Information Security and Compliance team, you will help lead Recurly’s overall governance, risk, and compliance program. As part of this team, you will ensure that Recurly is meeting and exceeding its compliance requirements as well as ensuring we are holding ourselves to the highest standards when it comes to governance. You will research and help us meet new compliance standards and as we adopt new technology work with internal teams to ensure they are meeting those compliance requirements.

Responsibilities

• Support and provide project management to Recurly’s major compliance programs
• Identify new laws/regulations that can affect Recurly, document the requirements and come up with an easy to consume plan for internal teams to operationalize
• Assist in developing a comprehensive risk-based Governance, Risk and Compliance program
• Interface with technical teams, stakeholders and leadership teams to translate security risk mitigation plans into actionable items to mitigate risk
• Establish, implement and work to improve appropriate compliance processes
• Plan and execute audits to meet our compliance obligations
• Collaborate with technical teams to resolve security and compliance issues
• Work with peers to ensure new technology and features meet our compliance requirements
• Work with peers to automate parts of our compliance program
• Drive security awareness and compliance across the business

Requirements

• 5+ years of experience as a Senior Audit / Compliance role
• 5+ years of experience in PCI/SOC Audits
• 5+ years of experience working in a mature GRC program
• 5+ years of experience in conducting internal audits
• Strong documentation skills
• Strong communication skills
• Bachelor's degree or equivalent experience

Preferences

• Experience with Scrum/Agile while using JIRA
• Experience with Cloud Security Audit (AWS/Google)
• Experience with running BC / DR programs/exercises
• Knowledge of NIST 800-53 and FEDRAMP
• Knowledge of HIPAA and other healthcare regulations
• Knowledge of GDPR and other Data Privacy and other regulatory requirements
• Technical certifications (CISA, CISSP, CCSK, CISM or equivalent) a plus

Technology/Services We Use:Cloud Providers (Google/Amazon), WAF, Next Generation-Firewalls, Vulnerability Scanners, EDR, Bug Bounty Software, Containers, Terraform, Salt, Jenkins, Git, Splunk, ELK, Kubernetes, etc.

Compliance Programs we have:PCI (Level 1), SOC1, SOC2, GDPR, CCPA, PSD2

About Recurly

Recurly is an enterprise-class subscription management platform that cuts through the complexity of subscription management to optimize and automate revenue growth. Founded in 2009, Recurly uses an open platform approach to easily connect with a broad variety of back-office systems. In addition to enabling lightweight and flexible custom integrations, Recurly also has powerful out-of-the-box integrations with enterprise solutions like Salesforce, NetSuite, and Avalara to provide efficiencies through end-to-end automation of billing events throughout the customer lifecycle.

Recurly's flexible architecture, coupled with deep expertise in the payments industry is validated by the billions of dollars in transactions the company processes each year. Thousands of companies worldwide depend on Recurly to manage and optimize their rapidly-growing subscription businesses.

Offices located in San Francisco, California and Boulder, Colorado.