Benchling
ROLE OVERVIEW
As a Security Compliance Analyst at Benchling, you will be joining a team responsible for supporting the security program and safeguarding highly sensitive scientific research and development data. You will collaborate with engineers and auditors to ensure that we can effectively meet our security compliance controls as well as enhance our overall program. We're looking for candidates who are excited to apply their skills to building and maintaining security compliance programs that will scale with Benchling to meet our internal and external objectives.
RESPONSIBILITIES
- Maintain comprehensive compliance programs for SOC 2 Type 2, ISO 27001/17/18 (or relevant ISO standards), and other applicable security frameworks.
- Conduct regular risk assessments and internal audits to identify compliance gaps and recommend remediation measures.
- Manage the end-to-end process for external audits, including coordinating with auditors, providing necessary documentation, and tracking remediation efforts.
- Develop and maintain comprehensive documentation, including ISMS policies, procedures and controls descriptions.
- Act as a liaison between internal teams and external auditors or customers.
- Monitor changes in regulatory requirements and industry standards, and ensure the organization’s compliance programs are updated accordingly.
- Serve as the subject matter expert for security and security compliance-related inquiries in customer RFPs and security questionnaires.
- Work closely with cross-functional teams, including engineering, business technology, legal and human resources, to ensure compliance requirements are integrated into key business processes.
- Monitor and report on key compliance metrics and relevant compliance remediation efforts.
- Maintain a third-party risk management program, including vendor risk assessments, due diligence, and ongoing monitoring.
- Contribute to the development and implementation of security awareness programs.
QUALIFICATIONS
- 3-5 years of experience in Security Compliance or a related role, with exposure to various security tools and technologies.
- Minimum 3+ years leading industry standard (ISO 27001, SOC 2) security audits from either side.
- Strong knowledge of applicable privacy laws (CCPA/GDPR).
- Strong knowledge of security frameworks and standards including NIST, ISO 27001, and SOC 2.
- Experience with GRC tools such as Drata, Hyperproof, or Anecdotes.
- Experience working in a cloud-based environment (i.e., AWS, Azure, GCP).
- A collaborative mindset with the ability to work cross-functionally with other teams, including software and infrastructure engineering.
- Strong communication skills, with the ability to articulate security compliance issues and solutions to both technical and non-technical audiences.
HOW WE WORK
Flexible Hybrid Work: We offer a flexible hybrid work arrangement that prioritizes in-office collaboration. Employees are expected to be on-site 3 days per week.
SALARY RANGE
Benchling takes a market-based approach to pay. The candidate's starting pay will be determined based on job-related skills, experience, qualifications, interview performance, and work location. For this role the base salary range is $114,000 - $150,000.
Total Compensation includes the following:
- Competitive total rewards package.
- Broad range of medical, dental, and vision plans for employees and their dependents.
- Fertility healthcare and family-forming benefits.
- Four months of fully paid parental leave.
- 401(k) + Employer Match.
- Commuter benefits for in-office employees and a generous home office set up stipend for remote employees.
- Mental health benefits, including therapy and coaching, for employees and their dependents.
- Monthly Wellness stipend.
- Learning and development stipend.
- Generous and flexible vacation.
- Company-wide Winter holiday shutdown.
- Sabbaticals for 5-year and 10-year anniversaries.