Asana is hiring a

Senior Analyst, Security Risk and Compliance

San Francisco, United States

We are looking for an experienced Security Risk and Compliance professional to help build and operate our Security Risk and Compliance program. You will be a key member of the security team that is part of Asana’s world-class engineering organization and will be responsible for protecting Asana and its users. You will collaborate closely with Legal, Finance, Business, and Engineering teams to implement security safeguards, manage security risk, and build and maintain trust with our customers and users. 


What you’ll achieve

  • Own and manage the third party risk management program by leading vendor due diligence reviews and performing ongoing monitoring of vendors
  • Manage Asana’s risk register and ensure that risks are assessed, monitored, and prioritized
  • Lead internal and external compliance assessments of our security program and partner with external auditors and internal stakeholders
  • Lead risk assessments to identify security risks across business functions, products, and systems
  • Maintain a common controls framework that aligns with applicable security standards and regulations
  • Develop and maintain security documentation including policies, procedures, and security white papers
  • Partner with sales and legal teams to build and maintain customer trust


About you

  • 4+ years in security compliance, risk management, IT audit, or information security assurance
  • Experience leading internal or external security audits and assessments
  • Familiar with SOC 2, ISO 27001, CIS Controls, NIST CSF, or PCI DSS standards
  • Excellent leadership, interpersonal, verbal and written communication, presentation, and problem solving skills
  • Strong cross-functional team program management abilities, including managing multiple assessments concurrently with different stakeholders and timelines
  • Track record of taking initiative, having the ability to work independently, and be comfortable thriving in ambiguity


About us

At Asana, we're building a better way to work, fueled by transparency, inclusion, and technology that is a force for positive change. Asana is a work management platform that helps teams orchestrate their work, from daily tasks to strategic initiatives, so they can move faster and accomplish more with less. For the past 5 years, we've been named a top workplace, including top 10 Great Place to Work Best Small & Medium Workplaces, #1 Fortune Best Workplace in the Bay Area for four years in a row, #8 Fortune Best Workplaces for Women, #14 Glassdoor Best Place to Work, and one of Ireland's Best Workplaces. With offices all over the world, we are always looking for curious, collaborative, and mission-driven people to help us enable the world’s teams to work together effortlessly.

We believe in supporting people to do their best work and thrive, and building a diverse, equitable, and inclusive company is core to our mission. Our goal is to ensure that Asana upholds an inclusive environment where all people feel that they are equally respected and valued, whether they are applying for an open position or working at the company. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, citizenship, socioeconomic status, disability, and veteran status.

Looking for a job?

Senior Analyst, Security Risk and Compliance at Asana looks great, right? We have dozens of similar job posts on our site, interested? Leave your email and we'll send the best matches.