OUR VISION: THE WORLD. SUBSCRIBED.

Customers have changed. They’re looking for new ways to engage with businesses. Consumers today have a new set of expectations. They want outcomes, not ownership. Customization, not generalization. Constant improvement, not planned obsolescence.  

In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than the static offerings or a single product.

Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo and author of the best selling book Subscribed).

YOUR MISSION:

The role of a Compliance Engineer is to work with our Trust and Compliance team to:            

• Drive security compliance efforts from the beginning to the end by maintaining a positive relationship with both internal and external stakeholders
• Maintain compliance documentation, including audit evidence, controls, and vendor security reviews
• Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks (PCI, SOC, ISO 27XXX, HIPAA, GDPR, etc) 
• Monitor the performance of the compliance program through the development of and maintenance of automated systems.
• Work with cross functional teams to identify risks and gaps in our compliance controls and facilitate remediation across our products and infrastructure.
• Assist with completing security questionnaires from customers and answering customer questions with respect to compliance; work with the internals team to create customer collateral to educate internal staff and aid in the sales process
• Assist with requesting/reviewing security questionnaires/contracts from vendors and identify security risks and gaps in the compliance controls to aid in the procurement process
• Develop automations of risk management, control execution and monitoring

WHAT YOU’LL NEED TO BE SUCCESSFUL

• 5+ years of experience with a demonstrated track record of success in GRC, internal audit, security, and/or privacy space.  
• Knowledge of various compliance frameworks (PCI, SOC2, ISO 27001, ISO 27018, HIPAA, GDPR, etc.) 
• Strong experience with any scripting languages like Ruby, Python, Unix shell, bash, etc.
• Functional knowledge of multiple security domains and information security industry standards and best practices
• Experience leading 3rd party risk management programs, including responding to customer security questionnaires, interacting directly with customer sales and security teams, and reviewing vendor security
• Solid experience managing compliance initiatives for cloud platforms and interacting with external auditors
• Strong project management skills 
• Strong written and verbal communication skills

NICE TO HAVEs

• A mix of experiences at a Big Four (or similar) audit or consulting firm and at an in-house governance, risk, and compliance function at a SaaS company

ABOUT ZUORA & OUR “ZEO” CULTURE

Zuora (NYSE: ZUO) Zuora provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-revenue process seamlessly across billing and revenue recognition. Zuora serves more than 1,000 companies around the world, including Box, Ford, Penske Media Corporation, Schneider Electric, Siemens, Xplornet, and Zoom.