Formstack improves people’s lives with practical solutions to their everyday work. We are looking for the next Stacker to help us accomplish this mission.

Formstack is a remote-first company with team members who live and work across the U.S., Canada, and the globe. We offer more than just a job; we provide a community where you can learn, grow, and thrive your way. Join a dynamic and diverse team that values relationships as much as results. Come build what matters with Formstack.

Who You Are

We are seeking a motivated Trust & Compliance Analyst with a solid foundation in information security and compliance frameworks to join our growing team. This role is ideal for a self-motivated individual with a technical background and a keen interest in the fields of software customer trust, compliance, and information security. The role involves analyzing, communicating, and improving our risk environment and system of controls, with a focus on alignment against key control frameworks and standards such as NIST 800-53, Trust Services Criteria, PCI-DSS 4.0, HIPAA, ISO 27017, and ISO 27701. The successful candidate will play a crucial role in reporting on control health, maturity, residual risk, and remediation status and will collaborate across teams to enhance our compliance posture.

What You Will Do

Understand, analyze, and report on the company's risk environment, system of controls, control health, maturity, residual risk, and remediation status.

Operate and contribute to the processes assessing alignment against key control frameworks and assurance standards, evangelizing their importance across the organization.

Maintain and continuously improve Trust Center content to support customer self-serve enablement and contribute to the creation and update of pre-filled questionnaires.

Facilitate and support periodic security reviews for vendors and system access, reporting on review status, deviations, and remediation efforts.

Collaborate with internal teams to maintain effective security testing, reporting, and remediation practices, including static and dynamic security testing and network penetration testing.

Engage in professional development opportunities, including completing specific product onboarding, security training, and certifications.

What We Are Looking For

Proactive self-starter with a strong technical aptitude and excellent problem-solving skills.

Exceptional written and verbal communication skills, with a keen attention to detail.

Demonstrated ability to manage projects and tasks with minimal supervision, delivering results in a fast-paced environment.

Strong collaborative spirit, with the ability to work effectively across various teams and departments.

A history of self-managed results showcasing a commitment to continuous learning and improvement.

Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience.

Familiarity with security, tech, or engineering disciplines through diplomas, certifications, or relevant work experience.

2-4 years of experience in information security, compliance, or a related field in a healthcare SaaS environment, with a solid understanding of compliance frameworks and standards.

Experience with Python, Bash, Ruby, or other scripting languages; familiarity with artificial intelligence, data analytics, cloud technologies, and IT operations.

Relevant certifications (e.g., CCSK, CISM, CISA, CISSP) are highly desirable.

An understanding of, or experience with, relevant security frameworks and standards.

Must be fluent in written and spoken English

Bonus Points

A strong research background or contributions to security and tech communities (e.g., meetups, online forums, publications, open source projects).

Experience working on a software or DevOps team, including internships, co-op placements, or open-source projects.

Any additional certifications or training relevant to information security, such as CSA CCSK Plus or Portswigger Web Security Academy Apprentice Path.

Additional Information

Please submit your resume and a cover letter highlighting your relevant experience and interest in the Trust & Compliance Analyst role. Include any certifications, projects, or community involvement that demonstrate your competencies and assets for this position.

What Formstack Offers for Full-Time Employees in the US and Canada:

- Competitive health plans, Dental, Vision, Disability, and Life Insurance Benefits for US and Canadian full-time employees.

- Monthly Health & Wellness and Technology stipends

- Half-day Fridays

- Unlimited PTO for all employees.

- 401k & Roth w/ safe harbor match (the US and Canada)

- The most up-to-date technology, including company-issued Macs, the latest software, and other tools needed to excel at your job

- Company-paid conferences and extended learning opportunities

- Yearly company and team gatherings

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every qualification. Formstack is dedicated to building a diverse, inclusive, and authentic workplace. if you’re excited about this role, but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.

Formstack is an equal-opportunity employer. We are passionately committed to equitable hiring and boldly dedicated to diversity in our work and staff. We do not discriminate in employment opportunities or practices based on actual or perceived race, color, religion, national origin, sex (including pregnancy, childbirth, or related conditions), age, marital status, sexual orientation, gender identity or expression, veteran status, uniform service member status, disability or any other characteristic protected by law. Women, people of color, bilingual and bicultural individuals, LGBTQ+ persons, and people with disabilities are encouraged to apply.

All data collected in our application process, from resume collection to application questions, is used for recruitment purposes only. We will store it in our applicant tracking system, Lever, and will not share this data with anyone else. We will keep your data until the role is filled and only continue to store it if we feel you may fit future roles.