Job Description:

DUTIES & RESPONSIBILITIES:

• Collect, organize, and evaluate evidence to support compliance with regulatory frameworks such as PCI, SOC 1, SOC 2, HIPAA, and FedRAMP.

• Serve as a subject matter expert (SME) on compliance frameworks, including NIST, OWASP, and other relevant standards, providing guidance to internal teams.

• Collaborate with internal stakeholders, including control owners, system owners, and business units, to ensure adherence to compliance frameworks and address control weaknesses or noncompliance.

• Support the management and maintenance of the GRC platform (Hyperproof) to track compliance activities, manage evidence, and streamline audit processes.

• Conduct risk assessments and evaluate the effectiveness of existing controls, policies, and processes to meet compliance requirements.

• Develop, implement, and manage privacy programs to ensure adherence to internal policies, regulatory requirements, and industry standards, while closely collaborating with the general counsel, security and legal teams.

• Present compliance findings, risks, and recommendations to stakeholders in a clear, business-friendly manner.

• Assist in coordinating and liaising with external auditors, vendors, and customers during audits and compliance reviews.

• Support penetration testing processes, including evidence collection, evaluation, and remediation tracking.

• Develop, implement, and maintain compliance policies, standards, and procedures to align with organizational and regulatory requirements.

• Monitor and report on compliance and privacy status, control exceptions, and remediation efforts to ensure ongoing adherence to standards.

• Other projects and responsibilities as assigned

Experience

• 5–7 years of experience in compliance, information security, or a related field.

• Bachelor’s degree in a related field or equivalent experience.

Technical Skills

• Proficiency in using a GRC (Specifically Hyperpoof), including evidence collection, control mapping, and audit management.

• Working knowledge of Qualys for vulnerability management and compliance scanning.

• Familiarity with compliance frameworks such as PCI, SOC 1, SOC 2, HIPAA, FedRAMP, NIST, and OWASP.

• Experience with processes including penetration testing, evidence collection and evaluation, risk management, and presenting compliance-related information.

• Knowledge of security tools and processes, including:

  • Endpoint Protection

  • Information Security Governance

  • Security Information and Event Management (SIEM) Software

  • Threat Intelligence Software

  • Incident Response Software

  • Identity Management Software

Other Skills

• Strong analytical and problem-solving skills with a focus on compliance and risk management.

• Ability to prioritize and execute tasks effectively in a high-pressure environment.

• Excellent written, oral, and interpersonal communication skills, with the ability to present complex information in a clear, user-friendly manner.

• Highly self-motivated with strong attention to detail.

• Team-oriented with proven ability to collaborate across departments and with external stakeholders.

About Us:

Momentive Software amplifies the impact of over 30,000 purpose-driven organizations in over 30 countries. Mission–driven organizations and associations rely on the company’s cloud-based software and services to solve their most critical challenges: engage the people they serve, simplify operations, and grow revenue. Built with reliability at the core and strategically focused on events, careers, fundraising, financials, and operations, our solutions suite is bound by a common purpose to serve the organizations that make our communities a better place to live. Learn more at momentivesoftware.com

Why Work Here?

At Momentive Software, we’re a team of passionate problem-solvers, innovators, and volunteers who believe in using technology to make a real difference. We dream big, support each other, and take pride in creating solutions that help our customers drive meaningful change. If you’re looking for a place where your work matters and your ideas are valued, you’ll find it here.

Medical, Dental & Vision Benefits
401(k) Savings Plan & Company Match
Flexible Planned Paid Time Off
Generous Sick Leave
Casual Environment
Purpose-Driven Culture
Work-Life Balance
Passionate About Community Involvement
Company Paid Parental Leave
Company Paid Short Term Disability
Remote Flexibility

Momentive Software actively embraces diversity and equal opportunity in a meaningful way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be, which is why we do not discriminate based on race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

All persons hired will be required to verify identity, minimum age of 18, eligibility to work in the United States (without sponsorship), and to complete the required employment eligibility verification form upon hire.