Job Openings XTN-B303342 | COMPLIANCE ANALYST

About the job

As a Compliance Analyst, you will be a critical part of Figma's efforts to collect audit and assessment evidence from various stakeholders and control owners. As a member of the broader GRC (Governance, Risk, and Compliance) team, the ideal candidate is detail-oriented, a self-starter who can work independently, and able to meet deadlines in a fast-paced environment. This role reports to the GRC Manager.

Figma is growing our team of passionate people on a mission to make design accessible to all. Born on the Web, Figma helps entire product teams brainstorm, create, test, and ship better designs, together. From great products to long-lasting companies, we believe that nothing great is made alone—come make with us!

Security Documentation (20%)

Meticulous documentation of security controls, risk assessments, and compliance measures is crucial. Accurate and comprehensive documentation provides transparency and is the evidence that demonstrates compliance with regulatory requirements.

Collaborate and Automate (25%)

Collaboration is key in a team environment, and the ability to work effectively with cross-functional teams is highly valuable. Automation skills also play a significant role: they streamline processes and improve the efficiency of compliance and security work, such as evidence collection.

Continuous Monitoring (30%)

Continuous monitoring is a fundamental part of maintaining a security posture. Regularly assessing and updating security controls, and monitoring for vulnerabilities and control failures, contribute significantly to maintaining compliance and addressing emerging threats.

User Management (15%)

Managing user access, privileges, and authentication processes is critical for maintaining a secure environment. Compliance frameworks typically require strict controls over user management (provisioning, deprovisioning, and periodic access reviews) to prevent unauthorized access and ensure data integrity.

Strategic Growth (10%)

While less tied to day-to-day tasks, contributing to strategic growth by identifying opportunities for improvement, staying current on industry trends, and providing insight into future security requirements is valuable for the long-term success of the team.


  • Maintain existing security compliance certifications and frameworks (e.g. SOC 2 Type II, ISO 27001)


  • Serve as a subject matter expert for applicable compliance standards and be a valued partner to the business and engineering teams in the implementation of the standards

  • Gap assess new in-scope tools and new hosting regions/environments against existing controls and processes

  • Help drive and improve recurring operational activities (e.g. quarterly privileged user access reviews)

  • Implement and mature controls that scale and do not burden teams

  • Refine Figma’s controls through control rationalization efforts

  • Configure compliance automation tooling to help achieve continuous monitoring and automated evidence collection for external audits

  • Communicate progress, escalations, and issue resolution to management and team stakeholders

  • Align changes made to existing controls and processes to the Information Security and Data Privacy Policies

  • 3+ years of security compliance or IT compliance experience

  • Worked with multiple security compliance frameworks (e.g. ISO 27001, SOC 2, and NIST)

  • Familiarity with cloud computing and cloud architecture, such as AWS

  • Conducted compliance gap assessments and worked cross-functionally to remediate any identified issues

  • Led or supported external audits

While it’s not required, it’s an added plus if you also have:

  • Planned, coordinated, and prioritized multiple complex projects to completion

  • Experience with control rationalization and drafting control narratives

  • Demonstrated experience establishing working relationships across multi-disciplinary teams (including Security, Engineering, Legal, IT, and HR)