Employment Type: Full-Time
The Opportunity

The Compliance Analyst role is part of the Enterprise Risk Management (ERM) Team and is responsible for supporting Rodan + Fields' ongoing compliance efforts (PCI DSS, SOX, GDPR, CCPA), working collaboratively to manage risk within the organization, and shaping the information security program through documentation and evaluation of security controls within R+F and at external third parties. This role works closely with the ERM, IT Operations, Legal and other teams from across the organization to help ensure that R+F and customer data is secure and that controls meet compliance standards.

Responsibilities:
* Coordinate and support internal and external audits with auditors, control owners, and appropriate R+F management
* Analyze control testing and audit results and provide guidance to relevant stakeholders on addressing issues and mitigating risk
* Oversee ongoing compliance maintenance activities and documentation between audits
* Produce weekly, monthly and quarterly compliance and status reports for audits and remediation efforts
* Provide subject matter expertise and consulting to project and IT operational teams to help them align their activities with security policies and regulatory requirements
* Perform security assessments of third-party service providers; report findings and oversee any necessary remediation efforts
* Support the security awareness program to ensure R+F staff have adequate security knowledge to perform their duties in alignment with security policies and best practices
* Support the incident response and architecture review processes when compliance and security expertise is needed
* Support security tool deployments to ensure they meet regulatory requirements and appropriately manage security risk
* Analyze output from network and application security scans, advise support teams on managing security vulnerabilities, and recommend prevention and mitigation strategies
* Maintain security policies and standards that support leading security practices

Qualifications:
* 5-7 years working in information security, information risk management and/or security compliance
* Experience with security and compliance frameworks such as NIST CSF, ISO 27001, SOC 2
* Direct experience performing and/or managing regulatory audits, including PCI DSS, SOX and data privacy (e.g., GDPR, CCPA)
* Extensive experience performing audit testing, recommending corrective action, and working with stakeholders to oversee remediation
* Demonstrated experience managing audits using a GRC tool; experience with ACL or Galvanize a plus
* Experience working with stakeholders to identify and resolve security concerns in IT operational areas such as Network and Infrastructure Support, Desktop Support, Systems Development, Application Support, Enterprise Architecture and DevOps; understanding of cloud security principles
* Demonstrated knowledge of how to apply all of the principles listed above to a cloud-based computing environment
* Demonstrated experience developing security policies and procedures
* Demonstrated experience reporting security-related issues and concerns to executive management
* Organized, responsive, and able to manage multiple concurrent projects
* Ability to work efficiently and independently in a remote, fast-paced work environment
* A Bachelor's Degree in Computer Information Systems, Information Security or a related field

The Company

Rodan + Fields was founded in 2000 by Stanford-trained dermatologists Dr. Katie Rodan and Dr. Kathy Fields with a passion for giving people the best skin of their lives - and the confidence that comes with it. With effective products, a unique business model and a powerful community of Independent Consultants, Rodan + Fields has disrupted the skincare category to become a leading skincare brand in North America. The company has grown its innovative line of products and expanded into Canada, Australia and Japan. Headquartered in San Francisco, CA, R+F now employs 500+ people, has more than 300,000 enrolled Independent Consultants and over two million Preferred Customers.

At Rodan + Fields, you will be challenged to make an impact, inspired to do more, and rewarded for your contributions. We are transforming skincare, and we welcome your big ideas to fuel our ambitious growth plans! If you are looking for a life-changing career opportunity, we've got your prescription. You'll become part of a positive, passionate movement that celebrates greatness and encourages employees to be catalysts for change. We provide a creative, vibrant workplace outfitted with all of the technology, tools and training you'll need to learn, grow and thrive! We create life-changing impact in our communities through our non-profit, Prescription for Change®, the heart of Rodan + Fields. By funding empowerment programs for students, we teach them how to use their skills to make life-changing differences in their lives and the lives of others. Join us and share your talents as we develop innovative solutions for your skin and empower entrepreneurs. In addition to working arm-in-arm with industry leaders, employees at Rodan + Fields enjoy rich benefits plans and perks.

Rodan + Fields is an equal opportunity employer that champions diversity, inclusion and equality for all. We do not discriminate on the basis of race, religion, color, national origin, ancestry, citizenship, gender, gender identity, sexual orientation, age, marital status, military/veteran status, or disability status. We welcome employees to be their true, authentic selves, without exception, and believe individual differences add value to our team. Join our team; we know it will be a life-changing experience!

Regarding COVID-19

With the spread of COVID-19 globally, our Bay Area offices will remain closed until further notice, with the exception of phase 1 employees who require access to hardware and lab equipment. Our primary concern is for the health and well-being of our employees as well as candidates. We have transitioned all interviews and new hire onboarding to be conducted virtually via Zoom video conferencing.