Security Analyst

Join us on our mission to make a better world of work. Culture Amp is the world’s leading employee experience platform, revolutionizing how 25 million employees across more than 6 500 companies create a better world of work. Culture Amp empowers companies of all sizes and industries to transform employee engagement, drive performance management, and develop high‐performing teams. Powered by people science and the most comprehensive employee dataset in the world, the most innovative companies including Canva, On, Asana, Dolby, McDonalds and Nasdaq depend on Culture Amp every day. Culture Amp is backed by leading venture capital funds and has offices in the US, UK, Germany and Australia. Culture Amp has been recognized as one of the world’s top private cloud companies by Forbes and most innovative companies by Fast Company. How can you help make a better world of work? As a Security Analyst focused on Governance, Risk, and Compliance (GRC), your core mission will be to maintain trust and security throughout our ecosystem. This role is primarily responsible for managing our 3rd‑Party Vendor Security review process and assisting with timely, high‐quality responses to customer security questionnaires. You will work closely with Sales, Legal and Procurement teams, ensuring our security documentation is accurate and our third‐party ecosystem is secure. You will also help to foster a strong security culture internally. Skills & Experience: Risk Management (Third‐Party Focus) - Vendor Security Reviews: Complete security third‐party vendor risk reviews for new and existing suppliers, gathering inputs, logging outcomes, and ensuring alignment with the Third‐Party Security Management Standard in partnership with Procurement and Legal. Customer Trust and Security Assurance - Answering Customer Security Questionnaires: Assist where required with the timely completion of high‐quality responses to customer and prospect security requests, due diligence questionnaires (DDQs) and information requests. - Maintaining Trust Collateral (SafeBase): Proactively maintain all security and compliance documentation, artifacts, policies and certifications within our Security Trust Centre (e.g., SafeBase) to enable a self‐service experience for customers. - Accelerating Deals: Partner with Sales and Legal to triage requests and ensure security communications are consistent and accelerate the sales cycle. - Gathering Reporting Metrics: Collect and track key performance indicators (KPIs) related to customer security review SLAs, document engagement and overall security assurance efforts for leadership visibility. Security Culture and Awareness - Security Awareness Campaigns: Assist with the design, coordination and delivery of our hybrid cybersecurity awareness programme. - Internal Communication: Draft and schedule compelling security insights for internal newsletters, Slack and email, translating complex policy and control requirements into clear, action‐oriented guidance for all employees ("Campers"). - Security Champions Initiative: Support the operationalisation of the security champions programme across business units to extend programme reach and reinforce secure‐by‐default behaviours across the organisation. Security Compliance - Program Assistance: Assist the GRC team with the ongoing management and maintenance of our key security compliance programmes (e.g., ISO 27001, SOC 22) , which includes coordinating evidence collection, documentation updates and control attestations. You have: - Experience: 1–3 years of operational experience in a role focused on Security Assurance, Third‐Party Risk (TPR) Management or GRC. Transferable skills from adjacent domains are highly valued. - Security Compliance Operations: Practical experience assisting with the management of security compliance programmes (e.g., SOC 22, ISO 27001 or similar), including coordinating evidence collection from control owners and documenting attestations. - Customer Trust Platform Expertise: Proven ability to manage and update content within a Security Trust Centre platform (like SafeBase or similar), including document organisation, access controls and questionnaire response management. - Third‐Party Risk Process: Practical understanding of the vendor security review lifecycle, including the ability to triage, assess and document risk findings for internal and external suppliers. - Organisational Excellence & SLA Adherence: Excellent organisation and prioritisation skills with a proven track record of strong follow‐through and working effectively toward defined SLAs in a fast‐paced environment. - Enablement & Communication Skills: Clear and concise written communication, with the skill to translate complex security concepts (e.g., policy, controls) into practical, action‐oriented guidance suitable for technical and non‑technical internal teams. - GRC Foundations: Familiarity with common security frameworks (e.g., SOC 22, ISO 27001 or similar) is a plus, and a high degree of curiosity, a learning mindset and a positive, security‐first attitude are essential. Desired (Highly Regarded) Qualifications: - Industry‐recognised qualifications (e.g., Security+, CISA, CRISC, CSA or similar). We believe that our employees are the heartbeat of our success. We're committed to fostering a work environment that truly cares for and develops its people, and creates lasting positive impact. Some of the key benefits we offer are: - Employee Share Options Program: We empower you to be an owner in Culture Amp and share in our success. - Programs, coaching and budgets to help you thrive personally and professionally. - Access to external providers for mental wellbeing and coaching support to sustain the wellbeing, safety and development of our people. - Monthly Camper Life Allowance: an automatic allowance paid each month with your pay – you can spend it however you like to help improve your experience and life outside work. - Team budgets dedicated to team building activities and connection. - Intentional quarterly wellbeing pauses: A quarterly company‐wide shutdown day in each region to collectively pause, reset and focus on restoration and rest, without having to tap into individual vacation time. - Extended year‐end breaks: An extended refresh period at the end of year. - Excellent parental leave in‐work support programme available from day 1 of joining Culture Amp. - 5 Social Impact Days a year to make a positive impact on the community outside of work. - MacBooks for you to do your best and a work‐from‐home office budget to spend on setting up your home office. - Medical insurance coverage for you and your family (Available for US & UK only). Additionally, we don't just focus on our internal community; we believe in creating a better world of work for all. We're committed to diversity, equity and inclusion, with Employee Resource Groups and ally communities in place. We have a strong commitment to Anti‐Racism, and endeavour to lead by example. Every step we make as a business towards anti‐racism is another step we can take to support our customers in making a better world (of work). You can see our current commitments to Anti‐Racism here. we strongly encourage you to apply if you’re interested: we'd love to know how you can amplify our team with your unique experience If you decide to apply, as part of your application, we will ask you to complete voluntary diversity questions (excluding roles in Germany). These questions are completely optional, but your participation truly helps. By sharing this anonymous information, you support our efforts to build a more inclusive and equitable hiring process—and help us hold ourselves accountable to that commitment. Your responses are entirely confidential and will not impact hiring decisions. If you require reasonable accommodations or adjustments due to a disability to complete the online application or to participate in the interview process, please contact accommodations@cultureamp.com and identify the type of accommodation or assistance you are requesting. The Reasonable Accommodations team will respond to your email promptly. Culture Amp will retain your CV & personal information for a period of two years (four years for the US) from the date of your application process completion. Culture Amp may contact you in relation to future job opportunities during this time period. For further information please see our privacy policy here or contact privacy@cultureamp.com. Culture Amp is committed to providing equal employment opportunities to all employees and applicants for employment regardless of race, colour, religion, creed, age, national origin or ancestry, ethnicity, sex, sexual orientation, gender identity or expression, disability, military or veteran status, or any other category protected by federal, state, or local law. #J-18808-Ljbffr