Compliance and Risk Analyst
ON24 is on a mission to transform the way businesses drive revenue and customer engagement through data-rich digital experiences. Powered by the ON24 Platform, marketers create and deliver live, always-on and personalized webinar, content and virtual event experiences to engage audiences in real-time, to generate powerful buying signals and to accelerate pipeline. With billions of engagement minutes created, ON24 is the network where enterprises engage prospects and customers at global scale. Headquartered in San Francisco, ON24 has a wide international footprint serving the regions of North America, EMEA and JPAC. For more information, visit https://www.on24.com.
The Compliance Analyst will be responsible for ON24’s information security compliance efforts to safeguard customer, employee, and company data in accordance with industry standards for a global enterprise SaaS company.
You will work to determine and implement appropriate standards and controls that inform policies and procedures, manage security audits and assessments, and address third party risks.
- Design, implement, and maintain a continuous compliance framework.
- Perform internal auditing functions and compliance reviews.
- Oversee and participate in external compliance audits/certifications.
- Create and maintain company security & compliance policies and procedures.
- Research new regulatory compliance requirements, legal obligations, and framework revisions.
- Provide guidance and subject matter expertise to project teams on security and compliance.
- Evaluate and implement GRC products/solutions.
- Manage the risk register and develop metrics for reporting risk.
- Recommend, document, and monitor implementation of risk treatment plans.
- Develop and maintain a vendor risk management program.
- Oversee and perform internal assessments such as SIG and CSA CAIQ.
20% Sales Engineering
- Support Sales and Sales Engineering by maintaining the knowledge base, assisting with inquiries, and representing ON24 in conversations with customers/prospects.
- Develop and maintain supporting documentation, whitepapers, and other sales collateral.
10% Awareness & Training
- Evangelize security across the organization.
- Develop and maintain security awareness training materials.
10% Project Management
- Work across the organization to evaluate and address gaps in governance, risk and compliance.
- Manage cross-team initiatives related to security and compliance.
- Bachelor's degree or equivalent experience
- At least 5 years' work experience in security, risk, or audit roles
- Hands-on experience implementing control frameworks and providing audit support (e.g. SOC 2, ISO 27001, FedRAMP)
- Deep understanding of security threat modeling, risk prioritization, and technical security measures
- Excellent written and verbal communication skills
- Ability to work effectively and drive results in a remote team setting
- Security certifications, e.g. CISSP, CISA/CISM, GIAC, CCSK, etc.
- Experience working in SaaS and hybrid-cloud environments
- Experience securing/auditing cloud, virtualization, and containerization platforms
- Knowledge of various privacy related regulations
- Experience with FedRAMP authorization process
ON24 is proud to be an equal employment opportunities (EEO) workplace to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, ON24 complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Pursuant to the San Francisco Fair Chance Ordinance, ON24 will consider for employment qualified applicants with arrest and conviction records.