Figma is growing our team of passionate people on a mission to make design accessible to all. Born on the Web, Figma helps entire product teams brainstorm, create, test, and ship better designs, together. From great products to long-lasting companies, we believe that nothing great is made alone—come make with us!

As a Security Compliance Manager at Figma, you will help the Commercial Security Compliance team manage and improve existing Compliance Certification/Framework programs, while also developing customer-facing collateral to enable our Sales teams in closing deals from a security compliance perspective. This is an excellent opportunity to drive efficiencies, reduce process friction, and strategically scale our compliance programs to support a hyper growth company.

What you’ll do at Figma:

  • Refresh and maintain customer-facing trust tooling (e.g. Conveyor, CyberGRX, SecurityPal) with the most up-to-date information about our Security Compliance program
  • Develop customer-facing security compliance collateral (e.g. white papers, architecture diagrams, CAIQ/SIG)
  • Work with sales on customer security due diligence, including security questionnaires, and resolve current or prospective compliance requests
  • Set a vision and strategy for a customer audit program to help facilitate and streamline customer audits
  • Maintain existing Security Compliance Certifications and Frameworks (e.g. SOC 2 Type II, ISO 27001)
  • Serve as a subject matter authority for applicable compliance standards and be a valued partner to the business and engineering teams in the implementation of the standards
  • Gap assess new in-scope tools and new hosting regions/environments against existing controls and processes
  • Help drive and improve Annual Operational Activities (e.g. Quarterly Privileged User Access Reviews)
  • Refine Figma’s Common Control Framework through control rationalization efforts
  • Configure compliance automation tooling to help achieve continuous monitoring and automated evidence collection for external audits
  • Align changes made to existing controls and processes to the Information Security and Data Privacy Policies

We’d love to hear from you if you have:

  • 3+ years of security compliance or IT compliance experience
  • Experience working with various security compliance frameworks (e.g. ISO 27001, SOC 2, NIST)
  • Experience conducting compliance gap assessments and working cross-functionally to remediate any identified issues
  • Experience leading or supporting external audits
  • Experience dealing with customer security questionnaires and building helpful compliance-related sales materials
  • Experience planning, coordinating, and prioritizing multiple sophisticated projects to completion
  • Experience writing and improving security and data privacy policies
  • Experience with control rationalization and drafting control narratives
  • Experience establishing work relationships across multi-disciplinary teams (e.g. Security, Engineering, Legal, IT, HR)