ActiveCampaign's category-defining Customer Experience Automation Platform (CXA) helps over 150,000 businesses in 170 countries meaningfully engage with their customers. The platform gives businesses of all sizes access to 500+ pre-built automations that combine email marketing, marketing automation and CRM for powerful segmentation and personalization across social, email, messaging, chat and text. Over 100,000 of ActiveCampaign's customers use its 850+ integrations including Microsoft, Shopify, Square, Facebook, and Salesforce. ActiveCampaign scores higher in customer satisfaction than any other solution in Marketing Automation, CRM, and E-Commerce Personalization on G2.com and is the Top Rated Email Marketing Software on TrustRadius. Pricing starts at just $9/month. Start a free trial at ActiveCampaign.com.

As a global multicultural company, we are proud of our inclusive culture which embraces diverse voices, backgrounds, and perspectives. We don’t just celebrate our differences, we believe our diversity is what empowers our innovation and success. If this matches your goals and interests, we hope you consider joining our team!

As one of the fastest-growing SaaS companies, we are scaling rapidly to keep up with market demand. We are growing all of our teams and looking for people who share our values, deliver innovation frequently, and join us in our mission to grow our customer base from 150,000 today to millions.

We are growing and we are growing fast. Because of this amazing growth, we are now seeking an Information Compliance & Risk Analyst to contribute to the development and growth of our risk management and compliance program. This individual will be responsible for supporting the implementation of a global risk and compliance security program at a high growth, fast paced company. 

This position serves as an internal information compliance and risk analyst that will assist with designing, implementing, supporting and maintaining of policies and security solutions to support ActiveCampaign’s SOC2, ISO 27001 and security program within a SaaS application environment. Must be to self-manage with multiple high priority initiatives. 

What your day could consist of:

• Assists and supports the ISMS program at an enterprise level, including the design, development and implementation of policies and procedures
• Works within the Engineering teams to internally audit and collect evidence for implemented security controls
• Responsible for working with Customer Success resources to assist with information security questionnaires and RFI’s for customers, partners and vendors
• Support and utilization of a security and compliance knowledge base, utilized to respond to information security questionnaires and RFI’s
• Supports the preparation of metrics on the effectiveness of the compliance programs, including implementation KPIs for initiatives
• Supports the ISO 27001 certification and SOC2 / Type 2 program, working as an internal and in support of external audits
• Participates as a member of the Incident Response Team (IRT) to assist with oversight as it relates to the ISMS and SOC2 programs
• Supports third party pen testing, vulnerability monitoring, security audits, and risk assessments
• Audits and regularly evaluates company performance for compliance to information security standards
• Participates in the operational risk board and maintains the risk registry
• Performs additional duties as required
• Assists with the development, rollout and delivery of security awareness training
• Works with the Procurement team to perform security related risk assessments within the supplier relationship management program
• Works with Legal new regulations and participates in discussions regarding new compliance needs

What is needed:

• BS in Computer Science, Information Systems, IT or equivalent experience
• 2+ years’ experience within an information technology/security role supporting cloud-based solutions
• Excellent written and verbal communication skills for effective interaction with team members, customers, partners, and auditors
• Experience with ISMS governance models (such as NIST), information security roles, and creating and implementing security controls (ISO, ITIL, NIST, PCI, and SOC)
• Strong risk management and auditing experience
• Experience with data privacy regulations such as GDPR and Privacy Shield
• Certification CISSP, CISA, CISM, CompTIA, GSEC, CEH, or similar certification relating to information security preferred
• Experience defining, driving, and executing a program vision with clear milestones

ActiveCampaign is an employee-first culture. We take care of our employees at work and outside of work. You can see more of the details here, but some of our most popular benefits include our comprehensive health and wellness benefits (including no premiums for employees on our HSA plan, tele-health and tele-mental health, and access to the Calm app for meditation), open paid time off, generous 401(k) matching with no vesting, a generous stipend to outfit your remote office, and a focus on career growth including access to personal and professional coaching. We take a proactive approach to diversity and inclusion and offer parental leave, career pathing, and support employees’ ongoing learning and development through Udemy and access to life coaches via Modern Health. We also offer cool swag.

ActiveCampaign is an equal opportunity employer. We recruit, hire, pay, grow and promote no matter of gender, race, color, sexual orientation, religion, age, protected veteran status, physical and mental abilities, or any other identities protected by law.

Our Employee Resource Groups (ERGs) strive to foster a diverse inclusive environment by supporting each other, building a strong sense of belonging, and creating opportunities for mentorship and professional growth for their members. 

Start with trust

Make the customer a hero

Cultivate inclusion & diversity

Iterate everything, always

Create WOW

Pursue growth with gratitude

Visit here to learn about perks and benefits at ActiveCampaign and see our values in action.

#BI-Remote