# Copy of Senior Security Assurance Analyst

**Company:** [Rippling](https://hotfix.jobs/companies/rippling)
**Location:** San Francisco, CA, Austin, TX, Seattle, WA
**Role:** Security Engineering
**Experience:** 5+ years
**Skills:** ISO 27001, SOC 2, Iso/Iec 42001, Iso/Iec 27018, Csa Star, Cloud Security, Security Policies, Vendor Risk Management, Privacy Regulations, Security Metrics, User Access Management, Security Automation
**Posted:** 2026-06-26

> Support Rippling's security assurance program by managing certifications (ISO 27001, SOC 2, others), conducting vendor due diligence, evolving the ISMS, and handling audit/governance requests. Requires 5+ years in security compliance, deep knowledge of ISO/SOC standards, cloud security, policy management, and strong cross-functional communication.

## Job Description

## What You'll Do
- Support the delivery of Rippling's security assurance program across ISO 27001, SOC 2, ISO/IEC 42001, ISO/IEC 27018 and CSA STAR. This includes coordinating evidence collection across the business, liaising with internal stakeholders and auditors, and ensuring all annual certification and attestation activities are completed efficiently and on schedule.
- Perform security due diligence on new and existing vendors, evaluating the data they process, where it is stored, how it is used, their security and privacy controls, independent certifications (e.g. SOC and ISO), and external security ratings (BitSight) to support informed third-party risk and onboarding decisions.
- Support the evolution of the ISMS by enhancing security policies and standards, maturing the policy lifecycle, and improving governance and review processes across the organization.
- Support internal teams and external stakeholders with ad hoc security assurance requests, including audit evidence, customer due diligence, policy guidance, and broader security governance activities.

## What You Bring
- 5+ years of experience in security compliance roles.
- Exceptional communication skills, enabling effective engagement with internal teams (e.g., engineering, privacy/legal, and product) and external stakeholders.
- In-depth familiarity with information security standards such as ISO 27001 and SOC 2.
- Proficiency in cloud security best practices.
- Experience developing, reviewing, and maintaining information security policies.
- Good understanding of privacy regulations and data handling obligations, with the ability to work effectively alongside legal and privacy teams.

## Nice to Have
- Information security awareness training materials.
- Experience creating meaningful Security Metrics.
- Working knowledge or experience of User access management.
- Experience automating security controls.

## Similar roles

- [Senior Software Engineer](https://hotfix.jobs/jobs/2ad28874-4486-42ff-949a-ec54985c2762) - Snowflake - Bellevue, WA - $200k – $288k/yr
- [Software Security Engineering Manager, Secure Frameworks](https://hotfix.jobs/jobs/26e1ecde-76c2-491f-951c-78e9c075c076) - Anthropic - San Francisco, CA - $405k – $485k/yr
- [Founding Security Engineer](https://hotfix.jobs/jobs/6deb6526-e0c3-42a9-9c29-360c4354d869) - Forus - New York, NY
- [Manager, Supply Chain Protection & Loss Intelligence](https://hotfix.jobs/jobs/9e3a84ce-58cf-480f-bf1d-6fefa2cf89bf) - Flexport - Miami, FL
- [Physical Security Manager](https://hotfix.jobs/jobs/053f4772-7be2-438c-b890-e7752ae44a12) - Crusoe - Dallas, TX

**Apply:** https://hotfix.jobs/jobs/4bc8581a-c43e-4215-8f78-456b5ccb8b94
**Canonical:** https://hotfix.jobs/jobs/4bc8581a-c43e-4215-8f78-456b5ccb8b94