Security Analyst, Risk & Compliance

All Postman Open Positions/Security Analyst, Risk & Compliance

Postman is the world’s leading API collaboration platform with built-in features to simplify each step of API development and streamline collaboration to help our users create better APIs—faster. More than 15 million developers and 500,000 organizations worldwide use Postman’s comprehensive set of built-in tools to support every stage of the API life cycle. With Postman you can design, mock, debug, test, document, monitor, and publish your APIs all in one place and join the future of API-first software.

Now that nearly every Fortune 1000 company in the world is using Postman at some level, we are set to expand our enterprise presence exponentially in the coming year and are looking for an Information Security professional with strong experience in governance, risk, and compliance. The Security Analyst will report directly to the Security Assurance Manager and will be responsible for developing, maintaining, and maturing GRC programs and frameworks aligning to the company’s strategic vision and goals.

The right candidate will have knowledge and experience working with and managing various regulations and compliance programs such as: SOC2, ISO 27001, NIST, PCI-DSS, HIPAA, GDPR, and CCPA. The candidate will be comfortable working in a startup environment, excellent writing and communication skills, understand the technical nuances behind compliance requirements, and be able to collaborate with our business partners and control owners.  You will operate as an internal consulting resource for Postman, advocating for security, compliance and risk management processes.

What You’ll Do:

  • Contribute to the development, management, and ongoing improvement of the company InfoSec program, compliance initiatives, risk management, privacy, and overall security assurance

  • Conduct periodic reviews and audits of internal policies, controls and processes, with published reports outlining successes and opportunities for improvement

  • Partner with business and engineering leaders to identify risks and propose mitigation strategies

  • Lead or participate in compliance audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements

  • Respond and support requests for client and sales teams assisting with client onboarding and retention

  • Evaluate and contribute to the implementation of technology to streamline and automate manual controls

  • Review and maintain company policy and process documentation

  • Monitor the vendor due diligence process including coordinating with Security, Legal, and stakeholders to assess vendor security controls

  • Provide consistent and accurate reports on assigned activities and compliance programs

About You: 

  • 3+ years of hands-on experience in cyber risk, governance, and compliance

  • Proficient technical knowledge and familiarity of management information systems, audit and internal controls

  • Ability to identify gaps, create mitigation plans, and work with control owners to implement changes

  • Experience working in GRC programs, preferably within a high-growth Cloud/SaaS environment

  • Passionate and creative in the use of technology to streamline and automate manual processes 

  • Experience with—and enthusiasm for—working with global, distributed teams

  • Alignment with Postman’s values (you can find them listed on our careers page)

  • Open and outgoing personality with the ability to build relationships across departments and cultures

What Else? (Remote Benefits)

We offer competitive salary and benefits, and a flexible schedule working with a fun, collaborative team. Enjoy full medical coverage, unlimited PTO, and a monthly lunch stipend. (Yes, seriously. We want you to eat well wherever you’re at.) Plus, our wellness program will help you stay healthy from your location with fitness-related reimbursements. Our frequent and fascinating virtual team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves, and we want you to be part of it. Join us, why dontcha?

#LI-REMOTE

#LI-RK1

Apply Now