What is Calendly?
Calendly takes the work out of scheduling so our customers have more time to work on what’s really important. Our software is used by millions of people worldwide—with thousands more signing up every day. To maintain this exciting growth, we’re looking for top talent to join our team and help shape the future of our product.
Why join Calendly’s Security & Compliance team?
Calendly is looking for a Compliance Analyst to join our fast-growing Security and Compliance team. This is a GRC role, and this person will report to the Associate General Counsel as well as work closely with the Head of Information Security and alongside multiple departments. This role will provide internal support for Calendly’s Security, Privacy, and Compliance policies, as well as auditing and testing programs and other key Compliance and Privacy initiatives. Our ideal candidate will be comfortable in a fast-paced startup environment.
What are some of the high impact opportunities you’ll tackle?
- Stay ahead of the global threat, compliance, and privacy landscape and the technologies used to defend Calendly’s corporate assets
- Track the latest technical security, compliance, and privacy innovations and stay up to date with the latest cyber security and compliance technologies
- Identify areas of opportunity; drive change projects; and build new capabilities that support a secure and compliant environment
- Effectively communicate and educate Calendly employees from all functions on the purpose and vision of our security, compliance, and privacy strategies
- Work with leaders across all departments to help navigate through security control compliance standards and privacy by design (such as SOC2, GDPR, and CCPA)
- Respond to and help build efficient processes around security, legal, and privacy related requests, data subject requests, contracts, and questionnaires from existing customers and prospects
- Create and implement a strategy for the development of compliance and privacy technologies, policies, and practices to secure protected and sensitive data while ensuring information security and compliance with applicable regulations
- Write and test internal Security, Privacy, and Compliance related whitepapers, policies, and procedures
- Advise senior leadership by identifying critical privacy and Compliance issues and recommending risk-reduction solutions
- Liaise with outside parties during third party audits, privacy risk assessments, and DPIAs
- Participate and represent Calendly in Security and Compliance related inquiries from prospective customers and vendors
- Work with Engineering on developing processes for DPIA, privacy, and compliance assessments
- Develop and roll out practical, effective internal training programs around Security, Privacy, and Compliance across the company
- Collaborate with Marketing on how to best share Calendly Security, Privacy, and Compliance policies externally
This opportunity is for you if you have/are:
- Been a key member in a compliance program for a SaaS company in frameworks such as SOC2, HIPAA, GDPR, PCI, ISO 27001
- Minimum of 5 years of experience in a combination of Privacy Compliance, Risk management, Information Security, and Information Technology fields
- Minimum of 8 years of related work experience in a fast-paced SaaS company environment
- Able to communicate and collaborate with leadership as the subject matter expert in Privacy and Compliance, while putting threats and incidents into business context
- Significant experience in developing Privacy, Compliance, and Information Security policies and procedures, as well as successfully executing programs that meet the objectives of the business
- Extensive experience in dealing with internal/external auditors
- Ability to create effective, practical, and ethical policies and procedures that address compliance controls
- Self-driven and high attention to detail
- Familiarity with SaaS, PaaS, IaaS providers and their impact and challenges from a compliance perspective
- Fantastic written and verbal communication skills
- Ability to operate in and maintain a fast pace and cadence
- Authorized to work lawfully in the United States of America as Calendly does not engage in immigration sponsorship at this time
- CIPP, CISM, NCSF, CCSP, CISSP, or CISA certifications
- Extensive knowledge of GRC best practices for SaaS organizations
- Familiarity with security standards (SOC 2, ISO 27001, HITRUST, and NIST 800) as well as privacy laws (CCPA and GDPR)
Calendly is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Calendly is registered, you will not be eligible for employment.