Information Security Risk & Compliance Specialist at Conga
Conga’s suite of solutions creates more efficient organizations by simplifying and automating data, documents, contracts and reporting. As the provider of the #1 paid application on the Salesforce AppExchange, we have more than a decade of experience increasing the value of the Sales Cloud by removing systems and process pain points that impede the customer lifecycle. Our 11,000+ customers are passionate about our platform and support giving us 5 stars on the Salesforce AppExchange.
Conga offers a fast-paced, dynamic environment for professionals looking to help build and enhance a seamless customer experience. Our top of the line product suite, dedicated employees, and proven leadership team provide a solid foundation to support our continued growth and success. We offer competitive compensation and benefits, including 100% paid health insurance for employees, 401k plan, generous PTO schedule, and lots of additional perks!
Job Description
Conga is hiring a full-time employee to play a key role in the information security, privacy, and compliance programs. This position will be responsible for managing incoming cybersecurity and privacy due diligence questionnaires from prospects or customers and ensuring timely, accurate responses. This role has a crucial responsibility for establishing trust in Conga services and assisting Conga’s sales, security, product and engineering teams with a comprehensive knowledge of information security controls and assorted frameworks. The ideal candidate will have a well-rounded information security background including an understanding of IT risk management, IT governance, information security controls, industry standards and best practices such as the AICPA’s SOC 2 Trust Services Principles, NIST 800 series, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with the responsibilities of cloud software-as-a-service providers as well as knowledge of general security controls, regulatory, legal, and contractual requirements.
● Receive, coordinate, manage, track, store, and provide accurate and well-written responses to customer requests for information regarding the technical aspects of Conga’s services and the system of controls protecting the confidentiality, integrity and/or availability of Conga services.
● Participate in pre-sales calls supporting Conga sales and account management teams.
● Maintain metrics on the end-to-end throughput of Conga’s questionnaire response process.
● Responsible for managing and maintaining Conga’s master response libraries and systems.
● Participate in Conga’s risk management programs including vendor risk assessment and management.
● Create or update customer-facing information security and privacy documentation including product security, privacy, architecture brochures or data flow diagrams.
● Assist the Internal Audit, Privacy or Risk teams with both internal and external audit needs; participate in risk assessments, user awareness training, business continuity and disaster recovery exercises.
● Serve as a technical expert in security technology evaluation, deployment/management, and information security program strategic planning activities.
● Support Conga’s adherence to evolving information security controls, regulators and industry best practices.
● Research and understand emerging IT risk factors and their impact on current control testing standards and/or documentation.
● Interface with Conga Engineering and Product teams to drive Privacy and Security by Design; create and maintain policies, standards, and procedures for Conga’s ISMS.
● Collaborate with Conga Product and Engineering teams to facilitate and ensure the timely remediation of issues resulting from vulnerability scans, application scans, or penetration tests.
● Review product changes for impacts and changes to Security, Privacy and Architecture documentation and responses.
● Other duties as assigned
● Bachelor’s degree in information security or equivalent work experience
● Minimum of 5 years of information security or privacy program management
● Outstanding written and verbal communication skills
● Experience with various compliance frameworks and requirements including CAIQs, SOC 2, HIPAA, NIST, SIGs, ISO 27001, etc.
● Proven ability to effectively handle and prioritize multiple and complex projects simultaneously in a quickly changing environment
● Ability to work well in cross-functional teams, including software engineers, marketing, account management, sales operations
All your information will be kept confidential according to EEO guidelines.