Risk & Compliance Engineer, ITGC

  • Slack
  • San Francisco, CA, USA
  • Dec 02, 2019
Security

Job Description

Our Security teams support the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security and strive to provide low-friction, high-impact security across everything we do.

As a key member of the Risk & Compliance Team, you understand that building user trust is critical to Slack’s success. You are passionate about information security, risk management, Sarbanes-Oxley IT General Controls (SOX ITGC), privacy and maintaining customer confidence. You have the focus and organization to champion the adoption of sound security and SOX ITGC practices across all of Slack’s business and engineering teams. You are passionate about learning, building, and sustaining processes to address new regulatory and compliance requirements. In this role, your work will directly impact the way millions of users, teams and businesses get things done. We are seeking a motivated individual who is not only focused on delivering results but also does so in a collaborative and courteous manner.

What You Will Be Doing

  • Act as the primary point of contact between Engineering and internal/external auditors, providing leadership in managing ITGC audit activities and requests, developing responses to audit findings, and leading remediation of those findings.
  • Provide quality assurance of all ITGC controls for Engineering to ensure the operational effectiveness of those security controls in Engineering.
    • Identify risks and gaps and facilitate remediation.
    • Conduct and participate in walkthroughs with engineering stakeholders and auditors.
    • Facilitate tests of design and operational effectiveness for key information technology controls.
    • Assist control owners with root cause analysis and track risk management action plan progress.
    • Implement an issue tracking and resolution process.
    • Provide risk metrics to management regarding audit performance and findings.
  • Assist in the annual Information Security Audit to maintain compliance aligned with AICPA Trust Services Principles and ISO standards.
  • Assist in the design and implementation of information security compliance controls to address current risks, emerging threats and compliance standards.

What You Should Have

  • Sound understanding of cloud security and control principles including logical access controls, change control, privileged access, segregation of duties, computer operations, network security, vulnerability management, and secure coding.
  • 2+ years of experience in auditing and assessing Sarbanes-Oxley (ITGC) controls.
  • Experience implementing, participating in, or conducting security assessments of compliance programs (e.g. SOC 2, FedRAMP, NIST, ISO 27001/27017/27018, HIPAA, HITRUST, Sarbanes-Oxley ITGC, etc.).
  • Ability to work independently.
  • Ability to work with cross-functional stakeholders to reach the desired outcome.
  • Effective communication with great interpersonal and presentation skills; writing well to translate complex issues into simple language that people who are not experts can understand.

Bonus Points

  • Hands-on information security experience
  • Excellent time management and related organizational skills
  • Understanding of underlying infrastructure technologies including AWS, Chef, ELK, etc.
  • Bachelor’s or Master’s degree in Computer Science, Information Technology, or equivalent educational or professional experience and/or qualifications
  • CISSP, CISA, or other industry certification

Slack is an Equal Opportunity Employer and participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Slack will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.

Slack is a layer of the business technology stack that brings together people, data, and applications – a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work. From global Fortune 100 companies to corner markets, businesses and teams of all kinds use Slack to bring the right people together with all the right information. Slack is headquartered in San Francisco, CA and has ten offices around the world. For more information on how Slack makes teams better connected, visit slack.com.

Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack’s values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a pleasant and supportive place to work.

Come do the best work of your life here at Slack.