SECURITY & COMPLIANCE ANALYST at FluentStream
This role will be responsible for the development and monitoring of FluentStream’s security, compliance and privacy related obligations and activities. You will ensure compliance and security in concert with the product roadmap. Architectural security, operational controls and compliance are all critical to our success and you will play a central role across all departments, as well as with customers and partners.
Work directly with teams to develop and maintain auditable procedures to ensure ongoing compliance
Create and maintain tools and documentation in support of current controls, policies, standards, and procedures related to various compliance obligations
Recommend improvements to teams and departments based on observation, sampling, and/or audit findings
Partner with Sales, Marketing, Client Experience, and other customer-facing teams to create communications to close business and ensure customers understand FluentStream’s compliance position
Establish and manage compliance project plans and escalations, issue/resolution processes, and requirements prioritization process
Communicate compliance goals and initiatives effectively to gain buy-in, trust, and collaboration from internal leadership, product development teams, and operations teams
Collaborate regularly with leadership to address emerging compliance requirements
Guide, implement and manage all information security practices and compliance across the organization
Act as an information security expert to advise FluentStream’s product teams
Establish and drive the framework for operational controls and certifications
Improve the security, auditability and compliance of our production and software development environments
Work with teams and manage effective action plans in response to audit discoveries and compliance violations.
Regularly audit company procedures, practices, and documents to identify possible weaknesses or risk.
Ensure all employees are educated on the latest regulations and processes.
Develop and implement plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure; adhere to emergency data processing needs.
Brilliant oral and written communication skills.
Highly analytical with strong attention to detail.
In-depth understanding of SaaS/cloud infrastructure security models and best practices (i.e., IAM).
Experience with security issues in a continuous software development/deployment environment.
Self-motivation and the ability to work under minimal supervision
Thorough understanding of computer-related security systems including firewalls, encryption, and password protection and authentication.
3+ years of experience in a compliance role managing HIPAA, SOC2, GDPR, FCC, etc.
AWS compliance experience
Familiar with UCaaS and/or VoIP.
Ability to cultivate relationships with colleagues, customers, and prospects.
Proficient with a broad array of security software applications and tools.
Strong problem-solving, analytical, organizational, and project management skills
Experience managing compliance audits (from GDPR to HIPAA and all things in between) and coordinating compliance programs
SOC2 AICPA Trust Service Principles and/or SOX/PCI audit and/or implementation experience
Practical working knowledge of compliance frameworks and certifications which includes, but is not limited to, PCI DSS, SOX, HIPAA, GDPR, US Privacy Shield, EU Data Protection Directives, NIST-CF, CCPA
- Health, Dental, and Vision Insurance
- 401k plan
- Participate in ownership of the company
- Tuition Reimbursement
- Unlimited PTO
- Paid family leave
- Pet Insurance
FluentStream is one of Colorado’s fastest growing companies according to Inc. 5000 and we are one of 2020’s Best Places to Work according to BuiltIn Colorado. We are a fun, fast-paced and innovative communication software company. Our mission is to automate and simplify how businesses communicate with their clients. Our unified suite of cloud-based software apps provides a single system to power, manage and improve live client communications.