Senior Staff GRC (Governance, Risk, and Compliance) Analyst

OverviewMedallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens, and residents.We are more than a software company. We want to be known as a company that does the right thing, no matter the challenge or controversy. We are committed to creating a culture that values every person and every experience. Individual life experiences shape the way we interact with the world, which is why we encourage people to bring their whole selves to work each day. The strength of our global workforce is the most significant contributor to our success.We believe: Every Experience Matters. Talent is Everywhere. All Belong Here.At Medallia, we hire the whole person.The Role and TeamA phenomenal opportunity exists within Medallia's Risk & Compliance Team as we are looking for a Senior Staff GRC (Governance, Risk, and Compliance) Analyst to drive compliance maturity and risk management in an ever-evolving SaaS landscape. At the forefront of technological advancements and innovation, this role is pivotal in shaping the way we ensure security and compliance across our services. As we continue to build and scale, this role's impact will be critical to our platform, ensuring our growth is matched by the strength of our control environment. The position requires a strong compliance acumen, business partnering skills, attention to detail, and the ability to understand and implement compliance best practices in a complex technology environment.ResponsibilitiesAct as subject matter expert on compliance and regulatory frameworks.Advise key stakeholders and management on best practice control design and implementation.Coordinate and lead multiple IT security audits and compliance governance activities across the company.Build and maintain Medallia's unified controls matrix, in alignment with multiple compliance frameworks including SOC 2, ISO 27001/27701/27017/27018, PCI, HITRUST, and HIPAA.Expertise in HITRUST CSF (Common Security Framework) standards and experience conducting HITRUST assessments, audits, and remediation efforts.Develop and maintain Medallia's policies, procedures, and standards in collaboration with internal teams.Collaborate with teams across Medallia, validate that security controls are implemented, and develop recommendations to remediate control deficiencies.Identify and oversee implementation of scalable security control enhancements that reduce risk and increase performance efficiency across diverse technical environments.Develop employee-facing technical documentation, internal wiki pages, and periodic security-oriented communication to spread awareness about Information Security policies and standards.Develop and maintain AI policies and collaborate with internal and external teams on implementation.Coach more junior members of the team on complex projects and governance, risk, and compliance best practices, as needed.QualificationsMinimum Qualifications5 years experience working with technology governance, internal controls, and compliance activities such as ISO 27001/17/18, SOC 2, PCI, HIPAA, FedRAMP, HITRUST.2 years of experience working with HITRUST CSF (Common Security Framework) standards and conducting HITRUST assessments, audits, and remediation efforts.Proficient with audit testing best practices and relevant documentation standards.Demonstrated risk management and compliance experience across a broad range of technical areas relevant to SaaS environments: i.e. access management, software development lifecycle, secure coding principles, security architecture, information security, and network security.Preferred QualificationsStrong leadership capabilities, collaborative attitude, and motivation to work in a fast-paced startup-like environment.Ability to articulate complex technical and security information into business terms and solutions.Ability to analyze, communicate, and articulate governance and compliance industry trends and benchmarks into policy.Experience managing information security audits and control implementation, strategy, and risk within a Fortune 500 company.Ability to translate global privacy laws and regulations into recommended actions.Highly organized with proven ability to oversee and manage multiple work streams across diverse stakeholder groups.Experience on developing AI policies and implementation.Excellent written and oral communication skills with an ability to effectively communicate security topics to a variety of audiences.Self-starter with capabilities to lead compliance audits and projects with minimal supervision.Industry certifications such as CISA, CISSP, CISM, PMP, or CRISC is a plus.Medallia is committed to equal pay and transparency. The annual base salary range for this position is $134,000-200,000. Please note that the salary range information provided is a general guideline and combines all of the distinct labor markets within the US. It is uncommon for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on a variety of factors. Medallia considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, candidate's work location, education/training, key skills, internal peer equity, external market data, as well as, market and business considerations when making compensation decisions.Medallia also offers competitive health and wellness benefits, including but not limited to medical, dental, vision, 401(k), short-term and long-term disability, life and AD&D insurance, statutory leaves, paid parental leave, and paid holidays. Benefits and eligibility may vary by location and role.At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at ApplicantAccessibility@medallia.com. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies. Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.

#J-18808-Ljbffr