Security Analyst at Braze
WHO WE ARE
Braze delivers customer experiences across email, mobile, SMS, and web. Customers, including Burger King, Delivery Hero, HBO Max, Mercari, and Venmo, use the Braze platform to facilitate real-time experiences between brands and consumers in a more authentic and human way. And we do it at scale – each month, hundreds of billions of messages are sent to a network of over 3 billion active users through Braze.
Need more proof? Braze was named a Leader in the Forrester Wave™: Cross-Channel Campaign Management (Independent Platforms), Q3 2021, and was named to the Forbes Cloud 100 list for the fourth consecutive year. The company has also been selected as one of Fortune’s Best Workplace for Millennials in 2021, and was ranked #20 on Fortune’s Best Medium Sized Workplaces in 2021. Braze is certified as a Great Place to Work in the UK and the U.S. and is recognized as one of the UK's Best Workplaces for Women.
WHAT WE'RE LOOKING FOR
We're seeking a Security Analyst to join our NYC-based Security Engineering team to help Braze achieve and maintain authorization and certifications that enable us to be competitive.The GRC team is responsible for audit readiness and risk mitigation across the organization. You will be able to help build compliance programs and make an impact at Braze. As a Security Analyst at Braze, you will be exposed to a wide range of security controls protecting (but not limited to) endpoint infrastructure, modern cloud-based containerized application deployments, and Web applications/API’s. You will work directly on the Security Engineering team, a technical team, exposing you to technical concepts and work, and the ability to have questions answered/evidence procured easily. In addition to helping guide the organization through compliance and risk frameworks, you will be a customer-facing advocate for the Braze security program, interacting with internal pre- and post-sales teams to meet client expectations for compliance, technical controls, policy, and governance.
WHAT YOU'LL DO
- Evaluate security controls on new and existing systems, processes, and technology to ensure the adequacy and the effectiveness and provide value-added recommendations.
- Collaborate with cross-functional teams to gather evidence in support of internal and external audits such as ISO27001, SOC 2, HIPAA, and other compliance frameworks.
- Collaborate to define Information Security requirements and develop/update policies and standards.
- Work with security engineers to implement the enterprise-wide strategy and key initiatives focused on the reduction of technology risk.
- Work with internal pre- and post-sales teams, as well as the Legal and Privacy team, to meet client expectations for compliance, technical controls, policy, and governance.
- Conduct vendor security reviews prior to onboarding.
WHO YOU ARE
- You have at least 2-3 years of formalized experience in compliance or risk in the context of the tech industry.
- You are familiar with ISO 27001, SOC 1 and 2, NIST and other Security frameworks.
- You are able to write policies and procedures that satisfy customer and internal requirements.
- You know how to conduct risk assessments and manage risk across multiple teams and assets.
- You enjoy evangelizing about security and risk to anyone who will listen, be it Braze employees, Braze customers, or contractors.
- You have a background in threat modeling.
WHAT WE OFFER
- Competitive compensation that includes equity
- Generous time off policy to balance your work and life, including paid parental leave
- Competitive medical, dental, and vision coverage for you and your dependents
- Collaborative, transparent, and fun loving office culture
If you are a California resident subject to the California Consumer Privacy Act, click here to understand how Braze processes your personal information and how you can exercise your rights.