Senior Security Assurance Analyst
Rippling · Austin, TX · Yesterday
On-siteInformation TechnologyFull-time
About The Role
Join Rippling's Security Assurance team and help demonstrate the trust our customers place in us every day. You'll play a key role in delivering internationally recognized security certifications and attestations, supporting regulatory obligations, and partnering across the business to strengthen our security assurance program.
About The Team
The Security Assurance team is responsible for delivering Rippling's security assurance programs and supporting compliance with technology and security regulatory requirements. Through internationally recognized certifications, attestations, and effective governance, the team helps maintain a strong security posture, meet regulatory obligations, and build customer trust.
What You'll Do
- Support the delivery of Rippling's security assurance program across ISO 27001, SOC 2, ISO/IEC 42001, ISO/IEC 27018 and CSA STAR.
- Perform security due diligence on new and existing vendors, evaluating the data they process, where it is stored, how it is used, their security and privacy controls, independent certifications (e.g. SOC and ISO), and external security ratings (BitSight) to support informed third-party risk and onboarding decisions.
- Support the evolution of the ISMS by enhancing security policies and standards, maturing the policy lifecycle, and improving governance and review processes across the organization.
- Support internal teams and external stakeholders with ad hoc security assurance requests, including audit evidence, customer due diligence, policy guidance, and broader security governance activities.
What You Bring
- 5+ years of experience in security compliance roles, with exceptional communication skills, enabling you to effectively engage with internal teams (e.g., engineering, privacy/legal, and product, etc.) and external stakeholders.
- In-depth familiarity with information security standards such as ISO 27001 and SOC 2.
- Proficiency in cloud security best practices, ensuring our cloud infrastructure remains secure and compliant.
- Experience developing, reviewing, and maintaining information security policies.
- Good understanding of privacy regulations and data handling obligations, with the ability to work effectively alongside legal and privacy teams.
Nice to Have
- Information security awareness training materials
- Experience creating meaningful Security Metrics
- Experience with User access management
- Experience automating security controls