Security Analyst

Get AI‑powered advice on this job and more exclusive features. Join us on our mission to make a better world of work. Culture Amp is the world’s leading employee experience platform, revolutionizing how 25 million employees across more than 6,500 companies create a better world of work. Culture Amp empowers companies of all sizes and industries to transform employee engagement, drive performance management, and develop high‑performing teams. Powered by people science and the most comprehensive employee dataset in the world, the most innovative companies—including Canva, On, Asana, Dolby, McDonald’s and Nasdaq—depend on Culture Amp every day. Culture Amp is backed by leading venture capital funds and has offices in the US, UK, Germany and Australia. Culture Amp has been recognized as one of the world’s top private cloud companies by Forbes and most innovative companies by Fast Company. How can you help make a better world of work? As a Security Analyst focused on Governance, Risk, and Compliance (GRC), you will maintain trust and security throughout our ecosystem. Your core mission is to manage our 3rd Party Vendor Security review process and assist with timely, high‑quality responses to customer security questionnaires. You will work closely with Sales, Legal and Procurement teams, ensuring our security documentation is accurate and our third‑party ecosystem is secure, and you will help foster a strong security culture internally. Risk Management (Third‑Party Focus) Complete security third‑party vendor risk reviews for new and existing suppliers, gathering inputs, logging outcomes, and ensuring alignment with the Third‑Party Security Management Standard in partnership with Procurement and Legal. Customer Trust and Security Assurance Assist with the timely completion of high‑quality responses to customer and prospect security requests, due diligence questionnaires (DDQs) and information requests. Proactively maintain all security and compliance documentation, artifacts, policies and certifications within our Security Trust Centre (e.g., SafeBase) to enable a self‑service experience for customers. Partner with Sales and Legal to triage requests and ensure security communications are consistent and accelerate the sales cycle. Collect and track key performance indicators (KPIs) related to customer security review SLAs, document engagement, and overall security assurance efforts for leadership visibility. Security Culture and Awareness Assist with the design, coordination and delivery of our hybrid cybersecurity awareness program. Draft and schedule compelling security insights for internal newsletters, Slack and email, translating complex policy and control requirements into clear, action‑oriented guidance for all employees. Support the operationalisation of the security champions program across business units to extend program reach and reinforce secure‑by‑default behaviours across the organization. Security Compliance Assist the GRC team with the ongoing management and maintenance of our key security compliance programs (e.g., ISO 27001, SOC 2), including coordinating evidence collection, documentation updates and control attestations. Skills & Experience 1‑3 years of operational experience in a role focused on Security Assurance, Third‑Party Risk (TPR) Management or GRC. Transferable skills from adjacent domains are highly valued. Practical experience assisting with the management of security compliance programs (e.g., SOC 2, ISO 27001 or similar), including coordinating evidence collection from control owners and documenting attestations. Proven ability to manage and update content within a Security Trust Center platform (e.g., SafeBase or similar), including document organization, access controls and questionnaire response management. Practical understanding of the vendor security review lifecycle, including the ability to triage, assess and document risk findings for internal and external suppliers. Excellent organization and prioritization skills with a proven track record of strong follow‑through and working effectively toward defined SLAs in a fast‑paced environment. Clear and concise written communication, with the skill to translate complex security concepts into practical, action‑oriented guidance for technical and non‑technical internal teams. Familiarity with common security frameworks (e.g., SOC 2, ISO 27001 or similar) is a plus; a high degree of curiosity, a learning mindset and a positive, security‑first attitude are essential. Desired (Highly Regarded) Qualifications Industry‑recognised qualifications (e.g., Security+, CISA, CRISC, CSA or similar). Benefits Employee Share Options Program. Programs, coaching and budgets to help you thrive personally and professionally. Access to external providers for mental wellbeing and coaching support. Monthly Camper Life Allowance. Team budgets dedicated to team building activities. Intentional quarterly wellbeing pauses. Extended year‑end breaks. Excellent parental leave and in‑work support program available from day 1. 5 Social Impact Days a year. MacBooks and a work‑from‑home office budget. Medical insurance coverage for you and your family (US & UK only). We believe that our employees are the heartbeat of our success. We’re committed to fostering a work environment that truly cares for and develops its people, and creates lasting positive impact. Additionally, we’re committed to diversity, equity and inclusion, with Employee Resource Groups and ally communities in place. We have a strong commitment to Anti‑Racism and actively lead by example. Our commitment to Anti‑Racism can be viewed here . If you require reasonable accommodations or adjustments due to a disability to complete the online application or to participate in the interview process, please contact and identify the type of accommodation or assistance you are requesting. Culture Amp will retain your CV & personal information for a period of two years (four years for the US) from the date of your application process completion. Culture Amp may contact you in relation to future job opportunities during this time period. For further information please see our privacy policy or contact #J-18808-Ljbffr