Sr Security Analyst - Risk and Compliance

Position Summary

Reporting to the CISO, the Senior Security Analyst, Compliance & Risk serves as a key member of the Security team and acts as the primary liaison between Security and the broader Governance, Risk, and Compliance (GRC) organization.

This role is responsible for ensuring Security-owned controls remain audit-ready, supporting enterprise compliance initiatives, managing security risk activities, conducting third-party security assessments, and helping drive a culture of continuous improvement across the security program.

The ideal candidate combines strong compliance and risk expertise with operational excellence, business acumen, and the ability to influence stakeholders across Engineering, Product, IT, Legal, Privacy, and business teams.

Level & Scope

This role:

• Operates independently across multiple workstreams and compliance frameworks.
• Owns execution and continuous improvement of Security compliance and risk programs.
• Influences cross-functional stakeholders without direct authority.
• Balances operational execution with strategic program enhancement.
• Drives scalable, automation-enabled security assurance processes.
• Serves as a trusted advisor to Security leadership and business stakeholders.

Key Responsibilities

Security Compliance & Audit Readiness

• Serve as the Security team''s primary point of contact for SOC 1, SOC 2, ISO 27001, HIPAA, and other compliance audits.
• Partner with internal and external auditors to support evidence collection, walkthroughs, testing activities, and remediation efforts.
• Ensure Security-owned controls are operating effectively and remain audit-ready throughout the year.
• Coordinate remediation activities for audit findings, control deficiencies, and security gaps.
• Maintain control documentation, evidence repositories, and audit artifacts.

Security Governance

• Maintain and support the lifecycle of security policies, standards, procedures, and operational documentation.
• Ensure security governance documentation remains aligned with business, regulatory, and compliance requirements.
• Support policy reviews, approvals, and periodic updates.

Security Risk Management

• Conduct security risk assessments for technologies, business initiatives, vendors, and emerging risks.
• Maintain Security-owned risks within the enterprise risk management program.
• Facilitate risk acceptance, exception management, and remediation tracking processes.
• Develop security risk reporting and metrics for Security leadership.

Third-Party Security Risk Management

• Perform security reviews and risk assessments of vendors, SaaS providers, AI technologies, and strategic partners.
• Partner with Procurement, Legal, Privacy, and business stakeholders during vendor onboarding and renewals.
• Support M&A security due diligence and integration activities when required.

Customer Trust & Security Assurance

• Support customer security assessments, due diligence requests, and security questionnaires.
• Maintain customer-facing security documentation and trust artifacts.
• Assist with Trust Center content and security assurance initiatives.
• Partner with Sales and Customer Success teams to address customer security concerns.

Security Awareness & Training

• Support security awareness initiatives, phishing simulations, and compliance training activities.
• Measure program effectiveness and identify opportunities for improvement.
• Promote a strong security culture across the organization.

Security Operations Excellence, Automation & AI Enablement

• Leverage GRC and security tooling to improve compliance visibility and operational efficiency.
• Identify opportunities to automate evidence collection, control monitoring, reporting, and risk tracking.
• Utilize AI-enabled capabilities to improve audit readiness, reporting quality, workflow efficiency, and continuous compliance activities.
• Develop metrics and dashboards to support executive reporting and program maturity.

Qualifications

• 5-9 years of experience in cybersecurity, security compliance, governance, risk management, audit, security assurance, or related security functions within SaaS, cloud-native, or technology organizations.
• Hands-on experience supporting or leading SOC 2, SOC 1, ISO 27001, HIPAA, GDPR, NIST, or similar compliance and security frameworks.
• Strong understanding of security controls, risk assessment methodologies, control testing, audit evidence management, and remediation tracking.
• Experience partnering with internal and external auditors and managing audit readiness activities across multiple concurrent compliance programs.
• Proven ability to drive security, compliance, and risk initiatives across cross-functional teams without direct authority.
• Experience conducting security reviews of vendors, cloud services, AI solutions, and third-party providers.
• Familiarity with GRC and compliance platforms such as Vanta, Drata, OneTrust, AuditBoard, or similar solutions.
• Strong understanding of cloud security concepts and controls across AWS, Azure, and/or GCP environments.
• Excellent analytical, organizational, written, and verbal communication skills, with the ability to communicate effectively with technical and non-technical stakeholders.
• Experience supporting customer security assessments, security questionnaires, Trust Center activities, or enterprise sales security reviews is preferred.
• Experience working in high-growth SaaS, private equity-backed, or regulated environments is highly desirable.
• Professional certifications such as CISA, CISSP, CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.
• Experience leveraging automation, AI-enabled workflows, or continuous control monitoring solutions to improve compliance and operational efficiency is a plus.

What Success Looks Like

Within the first year, the successful candidate will:

• Consistently maintain Security audit readiness across multiple compliance frameworks.
• Reduce audit preparation effort through process improvements and automation.
• Improve visibility and management of Security-owned risks.
• Strengthen vendor security review and customer assurance processes.
• Establish meaningful security metrics and reporting for leadership.
• Become a trusted partner to Engineering, Product, IT, Legal, Privacy, and business stakeholders.
• Help advance Quickbase''s culture of trust, security, and operational excellence.

At Quickbase, we believe in pay transparency and are committed to equitable pay practices. The compensation range for this role is $89,000 - $140,000 per year. The exact compensation offered will be based on experience, skills, and alignment with internal equity. Beyond salary, employees receive bonus/commission eligibility and access to a full benefits package including health insurance, 401k, paid time off, etc.