Sr. Security Governance Specialist - Avalara
Durham, NC 27701
About the Job
Avalara is looking for someone to support a growing team building on the security compliance function. You will be reporting to a Manager of Security Compliance and you will work hybrid out of the Durham, NC area.
This role is not eligible for visa sponsorship.
You will:
- Coordinate security compliance external assessments such as SOC 1, SOC 2, ISO 27001.
- Handle coordination of quality control of assigned compliance controls such as access reviews, change reviews, terminated user analysis.
- Ensure controls are performed by all partners within defined Service level agreements.
- Perform compliance assessments and work with system owners to fix.
- Help enhance Avalara's common controls framework.
- Help collect and migrate control information into Avalara's GRC platform.
- Be the contact for go-to-market related security inquiries.
- Partner with Sales organization to support the sales engagement lifecycle, including customer meetings and customer security inquiries.
- Develop customer-facing security documentation.
- Identify areas for automation and business process improvements.
- Partner with internal and external groups on multiple simultaneous projects.
- Coordination of security compliance external assessments such as SOC 1, SOC 2, ISO 27001.
- Coordination, execution, and quality control of assigned compliance controls such as access reviews, change reviews, terminated user analysis.
- Ensure controls are appropriately performed by all stakeholders within defined SLAs.
- Perform compliance assessments and work closely with system owners to remediate.
- Help enhance Avalara’s common controls framework.
- Assist in collecting and migrating control information into Avalara’s GRC platform.
- Act as a point of contact for go-to-market related security inquiries.
- Partner closely with Sales organization to support the sales engagement lifecycle, including customer meetings and customer security inquiries.
- Develop customer-facing security documentation.
- Identify areas for automation and/or business process improvements.
- Work strategically and independently with internal and external groups on multiple simultaneous projects.
- Perform other duties as assigned.
- You have a Bachelor's degree in computer science, or equivalent experience.
- You have 3+ years of security, governance, compliance, or risk management experience in a FinTech or SaaS environment.
- You have 3+ years of professional experience working with ISO 27001, SOC 1, SOC 2, SOX, NIST and other similar frameworks.
- You have experience with global corporate security, risk management, or governance roles.
- You have 3+ years working with security governance frameworks, regulatory requirements, and industry best practices (e.g., ISO 27001, NIST, GDPR, CCPA).
- You are familiar with security technologies, GRC tools (e.g., ServiceNow), and methodologies.
- You are experienced in security and privacy risk management principles.
- You excel in communicating across multiple partners and customers verbally and in writing.
We’re Avalara. We’re defining the relationship between tax and tech.
We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year.
Last year, we became a billion-dollar business, and our tribe expanded by a cool thousand people - there’s nearly 5,000 of us now. Our growth is real, and we’re not slowing down - not until we’ve achieved our mission - to be part of every transaction in the world.
We’re bright, innovative and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.
We’ve been different from day one. Join us, and your career will be too.
EEO Statement
We’re an Equal Opportunity Employer. Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.