Benchling
Security Compliance Analyst
Job Description
Biotechnology is rewriting life as we know it, from the medicines we take, to the crops we grow, the materials we wear, and the household goods that we rely on every day. But moving at the new speed of science requires better technology.
Benchling’s mission is to unlock the power of biotechnology. The world’s most innovative biotech companies use Benchling’s R&D Cloud to power the development of breakthrough products and accelerate time to milestone and market.
Come help us bring modern software to modern science.
ROLE OVERVIEW
As a Security Compliance Analyst at Benchling, you will be joining a team responsible for supporting the security program and safeguarding highly sensitive scientific research and development data. You will collaborate with engineers and auditors to ensure that we can effectively meet our security compliance controls as well as enhance our overall program. We're looking for candidates who are excited to apply their skills to building and maintaining security compliance programs that will scale with Benchling to meet our internal and external objectives.
RESPONSIBILITIES
- Maintain comprehensive compliance programs for SOC 2 Type 2, ISO 27001/17/18 (or relevant ISO standards), and other applicable security frameworks.
- Conduct regular risk assessments and internal audits to identify compliance gaps and recommend remediation measures.
- Manage the end-to-end process for external audits, including coordinating with auditors, providing necessary documentation, and tracking remediation efforts.
- Develop and maintain comprehensive documentation, including ISMS policies, procedures, and control descriptions.
- Act as a liaison between internal teams and external auditors or customers.
- Monitor changes in regulatory requirements and industry standards, and ensure the organization’s compliance programs are updated accordingly.
- Serve as the subject matter expert for security and security compliance-related inquiries in customer RFPs and security questionnaires.
- Work closely with cross-functional teams, including engineering, business technology, legal and human resources, to ensure compliance requirements are integrated into key business processes.
- Monitor and report on key compliance metrics and relevant compliance remediation efforts.
- Maintain a third-party risk management program, including vendor risk assessments, due diligence, and ongoing monitoring.
- Contribute to the development and implementation of security awareness programs.
QUALIFICATIONS
- 3-5 years of experience in Security Compliance or a related role, with exposure to various security tools and technologies.
- Minimum 3+ years leading industry-standard (ISO 27001, SOC 2) security audits from either side.
- Strong knowledge of applicable privacy laws (CCPA/GDPR).
- Strong knowledge of security frameworks and standards including NIST, ISO 27001, and SOC 2.
- Experience with GRC tools such as Drata, Hyperproof, or Anecdotes.
- Experience working in a cloud-based environment (i.e., AWS, Azure, GCP).
- A collaborative mindset with the ability to work cross-functionally with other teams, including software and infrastructure engineering.
- Strong communication skills, with the ability to articulate security compliance issues and solutions to both technical and non-technical audiences.
HOW WE WORK
Flexible Hybrid Work: We offer a flexible hybrid work arrangement that prioritizes in-office collaboration. Employees are expected to be on-site 3 days per week.
SALARY RANGE
Benchling takes a market-based approach to pay. The candidate's starting pay will be determined based on job-related skills, experience, qualifications, interview performance, and work location. For this role the base salary range is $114,000 – $150,000.
To help you determine which zone applies to your location, please see this resource. If you have questions regarding a specific location's zone designation, please contact a recruiter for additional information.
Total Compensation includes the following:
- Competitive total rewards package
- Broad range of medical, dental, and vision plans for employees and their dependents
- Fertility healthcare and family-forming benefits
- Four months of fully paid parental leave
- 401(k) + Employer Match
- Commuter benefits for in-office employees and a generous home office setup stipend for remote employees
- Mental health benefits, including therapy and coaching, for employees and their dependents
- Monthly Wellness stipend
- Learning and development stipend
- Generous and flexible vacation
- Company-wide Winter holiday shutdown
- Sabbaticals for 5-year and 10-year anniversaries
Benchling welcomes everyone.
We believe diversity enriches our team so we hire people with a wide range of identities, backgrounds, and experiences. We are an equal opportunity employer. That means we don’t discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We also consider for employment qualified applicants with arrest and conviction records, consistent with applicable federal, state and local law, including but not limited to the San Francisco Fair Chance Ordinance.
Please be aware that Benchling will never request personal information, payment, or sensitive details outside of Greenhouse or via email. All official communications will come from an @benchling.com email address or from an approved vendor alias. If you are contacted by someone claiming to represent Benchling and are unsure of their legitimacy, please reach out to us at [email protected] to verify the communication.