Senior Security & Compliance Analyst

  • San Francisco, CA, USA
  • Full-time
  • Department: Engineering

Company Description

Optimizely is the world's leader in customer experience optimization, allowing businesses to dramatically drive up the value of their digital products, commerce and campaigns through its best-in-class experimentation software platform. By replacing digital guesswork with evidence-based results, Optimizely enables product and marketing professionals to accelerate innovation, lower the risk of new features, and drive up the return on investment from digital by up to 10X. Over 26 of the Fortune 100 companies choose Optimizely to power their global digital experiences. Optimizely’s impressive customer list includes eBay, FOX, IBM, The New York Times and many more global enterprises.

Job Description

In this position, you will join the team that designs and manages programs to fuel Optimizely's rapid expansion in global enterprise markets. Your contributions across organizational boundaries will play a key role throughout the company in growing Optimizely’s security and compliance programs.


  • Perform assessments of security controls and processes to identify gaps and support the implementation of appropriate mitigations
  • Assist with aligning and driving controls implementation to show how they are mitigating information security risk
  • Participate in the development and oversight of required corrective action plans relating to security compliance issues
  • Assist control owners with the preparation and ongoing maintenance of control documentation (e.g., policies, procedures, narratives, and matrices)
  • Help demonstrate Optimizely’s commitment to security within the company and to external parties
  • Monitor, identify, research, and evaluate new compliance requirements
  • Understand the security requirements of internal and external stakeholders, regulators, and auditors
  • Assist with responding to external requests inquiring about Optimizely's Information Security program, including activities like audit management, evidence gathering, scoping, control walkthroughs, etc.
  • Coordinate work assignments with control owners and external auditors
  • Assist with daily compliance activities and functions, such as detailing the status of current assessments, audits, and related activities, creating and maintaining security reports/dashboards, etc.
  • Support customer security questions database and security marketing assets



  • 5+ years of experience at a software company conducting security assessments or audits
  • Knowledge of information security concepts and experience applying them at scale
  • Experience with, and strong understanding of, at least the following security compliance frameworks, controls and best practices: SOC 2, ISO 27001, PCI
  • Bachelor's degree in a technical field or similar work experience
  • CISSP certification
  • Prior experience at a Cloud Service Provider or consulting firm is a plus


Additional Information


  • Commuter and transportation benefits
  • Catered in-office lunch and dinner on weekdays
  • Full medical insurance with very low co-pay and deductible. HMO, PPO, and HSA options available
  • Full dental coverage including orthodontics
  • Full vision coverage including contacts
  • Dependents 100% covered for medical, dental, and vision
  • Wellness Grant
  • Unlimited vacation policy and seventeen weeks of paid parental leave
  • 401k benefit
  • Working with a great team and having a huge impact!

At Optimizely, we embody inclusion and embrace diversity.  Optimizely is an equal opportunity employer and makes employment decisions on the basis of merit.  Optimizely prohibits discrimination based on race, color, religion, sex, sexual identity, gender identity, marital status, veteran status, nationality, citizenship, age, disability, medical condition, pregnancy, or any other unlawful consideration. All your information will be kept confidential according to EEO guidelines.
