Sr Security Analyst
Position Summary
Reporting to the CISO, the Senior Security Analyst, Compliance & Risk serves as a key member of the Security team and acts as the primary liaison between Security and the broader Governance, Risk, and Compliance (GRC) organization. This role is responsible for ensuring Security-owned controls remain audit-ready, supporting enterprise compliance initiatives, managing security risk activities, conducting third-party security assessments, and helping drive a culture of continuous improvement across the security program.
Level & Scope
This Role Operates independently across multiple workstreams and compliance frameworks. Owns execution and continuous improvement of Security compliance and risk programs. Influences cross-functional stakeholders without direct authority. Balances operational execution with strategic program enhancement. Drives scalable, automation-enabled security assurance processes. Serves as a trusted advisor to Security leadership and business stakeholders.
Key Responsibilities
Security Compliance & Audit Readiness
- Serve as the Security team's primary point of contact for SOC 1, SOC 2, ISO 27001, HIPAA, and other compliance audits.
- Partner with internal and external auditors to support evidence collection, walkthroughs, testing activities, and remediation efforts.
- Ensure Security-owned controls are operating effectively and remain audit-ready throughout the year.
- Cook up and execute remediation activities for audit findings, control deficiencies, and security gaps.
- Maintain control documentation, evidence repositories, and audit artifacts.
Security Governance
- Maintain and support the lifecycle of security policies, standards, procedures, and operational documentation.
- Ensure security governance documentation remains aligned with business, regulatory, and compliance requirements.
- Support policy reviews, approvals, and periodic updates.
Security Risk Management
- Conduct security risk assessments for technologies, business initiatives, vendors, and emerging risks.
- Maintain Security-owned risks within the enterprise risk management program.
- Facilitate risk acceptance, exception management, and remediation tracking processes.
- Develop security risk reporting and metrics for Security leadership.
Third-Party Security Risk Management
- Perform security reviews and risk assessments of vendors, SaaS providers, AI technologies, and strategic partners.
- Partner with Procurement, Legal, Privacy, and business stakeholders during vendor onboarding and renewals.
- Support M&A security due diligence and integration activities when required.
Customer Trust & Security Assurance
- Support customer security assessments, due diligence requests, and security questionnaires.
- Maintain customer-facing security documentation and trust artifacts.
- Afford assistance with Trust Center content and security assurance initiatives.
- Partner with Sales and Customer Success teams to address customer security concerns.
Security Awareness & Training
- Support security awareness initiatives, phishing simulations, and compliance training activities.
- Measure program effectiveness and identify opportunities for improvement.
- Promote a strong security culture across the organization.
Security Operations Excellence, Automation & AI Enablement
- Leverage GRC and security tooling to improve compliance visibility and operational efficiency.
- Identify opportunities to automate evidence collection, control monitoring, reporting, and risk tracking.
- Utilize AI-enabled capabilities to improve audit readiness, reporting quality, workflow efficiency, and continuous compliance activities.
- Develop metrics and dashboards to support executive reporting and program maturity.
Qualifications
Experience
- 5–9 years of experience in cybersecurity, security compliance, governance, risk management, audit, security assurance, or related security functions within SaaS, cloud-native, or technology organizations.
Hands-on Experience
- Hands-on experience supporting or leading SOC 2, SOC 1, ISO 27001, HIPAA, GDPR, NIST, or similar compliance and security frameworks.
Knowledge
- Strong understanding of security controls, risk assessment methodologies, control testing, audit evidence management, and remediation tracking.
Collaboration
- Proven ability to drive security, compliance, and risk initiatives across cross-functional teams without direct authority.
Vendor Reviews
- Experience conducting security reviews of vendors, cloud services, AI solutions, and third-party providers.
Tools
- Familiarity with GRC and compliance platforms such as Vanta, Drata, OneTrust, AuditBoard, or similar solutions.
Cloud Knowledge
- Strong understanding of cloud security concepts and controls across AWS, Azure, and/or GCP environments.
Communication
- Excellent analytical, organizational, written, and verbal communication skills, with the ability to communicate effectively with technical and non-technical stakeholders.
Customer Support
- Experience supporting customer security assessments, security questionnaires, Trust Center activities, or enterprise sales security reviews is preferred.
Industry Experience
- Experience working in high-growth SaaS, private equity-backed, or regulated environments is highly desirable.
Certifications
- Professional certifications such as CISA, CISSP, CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.
Automation & AI
- Experience leveraging automation, AI-enabled workflows, or continuous control monitoring solutions to improve compliance and operational efficiency is a plus.
What Success Looks Like
Within the first year, the successful candidate will:
Consistently maintain Security audit readiness across multiple compliance frameworks.
Reduce audit preparation effort through process improvements and automation.
Improve visibility and management of Security-owned risks.
Strengthen vendor security review and customer assurance processes.
Establish meaningful security metrics and reporting for leadership.
Become a trusted partner to Engineering, Product, IT, Legal, Privacy, and business stakeholders.
Help advance Quickbase's culture of trust, security, and operational excellence.
How We Think About AI
At Quickbase, we view AI as a tool to accelerate how work gets done — not replace it. We encourage thoughtful use of AI to improve speed, quality, and decision-making, while maintaining strong judgment, accountability, and data integrity.
Pay Range
$91,465.85 - $143,732.05
Compensation & Benefits
Compensation
- Incentive Compensation: This role is eligible to participate in our annual incentive plan. Incentives are earned based on employee performance against defined metrics and company goals.
Benefits
- Full-time roles are eligible for our comprehensive benefits program which includes medical, dental and vision coverage.
- You may also contribute to our 401(k) plan that includes a company match.
Equal Opportunity Statement
Quickbase is committed to building a diverse and inclusive workplace. We encourage candidates from all backgrounds to apply – even if you don’t meet every qualification listed. We are proud to be an equal opportunity employer.