Plaid, 4 days ago
Senior Security Analyst, Customer Assurance
Full-time, Remote
Responsibilities
- Lead security contract reviews across customer MSAs, DPAs, security addenda, and security exhibits by identifying unacceptable clauses, forming a clear security position, and providing Legal with actionable feedback they can take directly into negotiations
- Design and own the end-to-end Security Contracts program infrastructure, including intake processes, tiered SLAs, security positions runbooks, and handoff protocols with Legal and GTM
- Track security contract asks across deals, identify recurring patterns, and determine whether they represent gaps in Plaid’s program or non-standard customer requests
- Assess feasibility and propose recommendations to leadership when recurring asks point to program gaps, and codify existing capabilities into standard security addenda where appropriate to reduce future negotiation cycles
- Join customer and data partner calls as Plaid’s security subject matter expert, building trust through patient, clear, and collaborative communication
- Define KPIs, build dashboards, and deliver regular reporting on program health to Security and GTM leadership, including visibility into deal friction, SLA adherence, and improvement opportunities
- Build and scale AI-assisted workflows for security assurance, contract review, questionnaire completion, clause library maintenance, pattern analysis, and reporting
- Support customer security questionnaires and external audit calls with customers and data partners, ensuring Plaid presents a consistent and credible security posture across customer-facing assurance activities
Requirements
- 6+ years of experience in security assurance, security GRC, security compliance, or a related information security role with meaningful ownership of customer- or partner-facing security workflows
- Experience reviewing security provisions in MSAs, DPAs, and security addenda — and translating that expertise into clear positions Legal can take directly into negotiations
- Deep familiarity with common security clause types: e.g. incident notification windows, audit rights, encryption requirements, subprocessor obligations, data retention, and penetration testing provisions
- Ability to translate a company's security posture and risk appetite into clear, defensible contract positions and hold those positions through multiple negotiation cycles
- Experience representing a company's security program directly to customers and financial institution partners on calls — fielding questions about security controls, compliance posture, and contractual obligations
- Working knowledge of SOC 2, ISO 27001, NIST CSF, PCI DSS, GLBA, GDPR/CCPA, NIST 800-53, etc.
- Deep understanding of what "standard" security contract language looks like in fintech and banking agreements
- Prior experience in fintech, payments, or financial services — you understand the security expectations of data partners and regulated entities, and know how to navigate those relationships with the patience and credibility they require
- Experience building security assurance programs — designing intake processes, tiered SLAs, escalation paths, and runbooks, not just executing within existing ones
- Strong analytical skills: ability to identify patterns across a high volume of security contract asks, track pushback rates and cycle counts, and translate findings into process improvements