Senior Security Assurance Analyst in San Francisco, California at Rippling
Explore Related Opportunities
Job Description
Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.
Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.
Based in San Francisco, CA, Rippling has raised $1.4B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.
We prioritize candidate safety. Please be aware that all official communication will only be sent from @Rippling.com addresses.
About the Role
Join Rippling's Security Assurance team and help demonstrate the trust our customers place in us every day. You'll play a key role in delivering internationally recognized security certifications and attestations, supporting regulatory obligations, and partnering across the business to strengthen our security assurance program.
At Ripping, we are on an exciting growth journey, and our Security team is at the forefront of this transformation. We are committed to our mission of protecting our company's assets and data, and we need individuals who share this passion.
The Security Assurance team is responsible for delivering Rippling's security assurance programmes and supporting compliance with technology and security regulatory requirements. Through internationally recognised certifications, attestations, and effective governance, the team helps maintain a strong security posture, meet regulatory obligations, and build customer trust.
Ideal candidate:
A self-motivated, experienced professional who thrives with autonomy, takes ownership of their work, and executes with minimal oversight. A collaborative team player and strong communicator, capable of building relationships and driving outcomes across technical and business teams.
- Support the delivery of Rippling's security assurance program across ISO 27001, SOC 2, ISO/IEC 42001, ISO/IEC 27018 and CSA STAR. The successful candidate will have experience supporting these certifications and attestation, coordinating evidence collection across the business, liaising with internal stakeholders and auditors, and helping ensure all annual certification and attestation activities are completed efficiently and on schedule.
- Vendor Management (Security Assurance): Perform security due diligence on new and existing vendors, evaluating the data they process, where it is stored, how it is used, their security and privacy controls, independent certifications (e.g. SOC and ISO), and external security ratings (BitSight) to support informed third-party risk and onboarding decisions.
- Support the evolution of the ISMS by enhancing security policies and standards, maturing the policy lifecycle, and improving governance and review processes across the organization.
- Support internal teams and external stakeholders with ad hoc security assurance requests, including audit evidence, customer due diligence, policy guidance, and broader security governance activities.
- 5+ years of experience in security compliance roles, with exceptional communication skills, enabling you to effectively engage with internal teams (e.g., engineering, privacy/legal, and product, etc.) and external stakeholders.
- In-depth familiarity with information security standards such as ISO 27001 and SOC 2.
- Proficiency in cloud security best practices, ensuring our cloud infrastructure remains secure and compliant.
- Experience developing, reviewing, and maintaining information security policies
- Good understanding of privacy regulations and data handling obligations, with the ability to work effectively alongside legal and privacy teams.
- Information security awareness training materials
- Experience creating meaningful Security Metrics
- Working knowledge or experience of User access management
- Experience automating security controls
Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics, Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accomodations@rippling.com
Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a defined radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.
This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here.
A variety of factors are considered when determining someone’s compensation–including a candidate’s professional background, experience, and location. Final offer amounts may vary from the amounts listed below.
The pay range for this role is:
132,000 - 220,000 USD per year(US Tier 1)
118,800 - 198,000 USD per year(US Tier 2)