Information Security Analyst
TaxJar’s remote-only team of 200+ people is growing quickly. We have an immediate opening for an Information Security Analyst who wants to help us make eCommerce easier for everyone.
Our core values:
- We know that we're better together
- We are always learning and growing
- We shape our own destiny
- We build relationships that matter
The Information Security Analyst will help grow and maintain our Information Security Program as it continues to mature. This is an individual contributor to our organizational security and governance programs. They understand how to break a project down into sizable, deliverable tasks. This position reports to the Head of Information Security.
Information Security Analysts at TaxJar primarily contribute through the implementation and management of security and privacy policies, processes, and internal and external audits. As our business scales, Information Security Analysts will need to identify risks, adapt to new regulations, and have ownership of changes.
Responsibilities as an Information Security Analyst:
- Develop, maintain, and evolve our security and privacy programs to manage web advertising, and analytics technologies and practices (e.g. cookies and other tracking technologies)
- Advice on complex data protection best practices through consistent analysis, feedback, and follow-through with internal business partners
- Handle privacy inquiries and requests for access to personal information internally and externally
- Perform audits and risk assessments of TaxJar’s systems and vendors to understand privacy implications and make recommendations for vendor best practices.
- Assist with testing and auditing security controls to ensure compliance with SOC2, HIPAA, CCPA, and GDPR frameworks on an ongoing basis
- Keep up to date with privacy regulation changes and advise the team when changes are needed
- Ability to provide recommendations on Data Processing Agreements (DPAs) from customers and vendors
- Perform security vendor reviews for new software/apps, integrations, and/or plugins, etc.
- Develop a comprehensive understanding of our Security Policies, SOC2, HIPAA, CCPA, and GDPR controls in order to manage and track commitments from partners and vendors
- Assist in creating new policies and procedures according to new compliance requirements
- Track changes to our data governance program and oversees the management of it
- Manage, track, and fulfill incoming Data Subject Requests (DSRs)
- Assist in creating ongoing Security & Privacy Awareness training for employees by vetting LMS courses
- 2-4+ years experience in security and privacy compliance, audit, privacy risk management with hands-on experience in a multitude of compliance initiatives.
- Experience with SOC2, NIST CSF, ISO 27001 preferred
- Deep knowledge of global data protection laws, standards, and associated frameworks (e.g. GDPR, CCPA, HIPAA)
- Familiarity with cloud-based environments and technologies with associated auditing methodologies.
- Certified Information Privacy Professional (CIPP/US, CIPM, or CIPT) preferred
- Superior attention to detail, with strong process and documentation skills
- Ability to handle multiple priorities and maintain deadlines with little supervision
- Fast learner and someone who is always eager to learn and adapt (growth mindset)
- Self-directed, self-motivated
- Agile, humble, trustworthy, and a team player
- Maintain clear and accurate documentation
- Proactively escalate when blocked
- Actively learns and follows process and standards
- Excellent health, vision and dental benefits
- Flexible vacation policy
- 401k Plan
- Paid parental leave
Once you apply, we highly encourage you to check your spam and promotion folders for application updates. Please visit www.TaxJar.com/jobs for a full list of our amazing benefits for full-time employees, and to learn more about our values and how we work. You can learn more about our hiring process here.
Apply for this position