Platform.sh

Senior Risk & Audit Specialist

Platform.sh$90K — $120K *
US-AnywhereRemote in Canada
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in risk, audit, compliance, or security assurance.
  • Hands-on experience supporting audits and evidence collection.
  • Working knowledge of security and compliance frameworks like ISO 27001 and SOC 2.
  • Ability to explain complex requirements to various audiences.
  • Strong organization and prioritization skills.
  • Good judgement and practical problem-solving abilities.
  • Experience in remote, cross-functional collaboration.

Responsibilities

  • Support active audits such as ISO 27001, SOC 2, and HIPAA by coordinating evidence collection.
  • Assist in risk assessments and tracking remediation efforts.
  • Conduct third-party risk management reviews for comprehensive organizational risk.
  • Maintain compliance activities across multiple frameworks and document relevant policies.
  • Collaborate with Sales and other teams on customer security and compliance inquiries.
  • Provide clear updates on audit status and look for process improvement opportunities.
  • Utilize audit and compliance tools for organized and traceable work.

Benefits

  • Flexible PTO
  • Comprehensive healthcare coverage
  • Company stock options
  • Professional development budget
  • Office equipment budget
  • Wellness budget
  • Annual team gatherings
  • Internet reimbursement
  • Inclusive parental leave
  • Remote work travel program
Full Job Description
Impact of a Senior Risk & Audit Specialist

As a Senior Risk & Audit Specialist at Upsun, you help keep our security, risk, audit, and compliance work moving with clarity, care, and consistency. Reporting to the Director, Risk & Audit, you'll work closely with teams across Security, Engineering, IT, Legal, Product, and Sales to keep key audits and certifications (including ISO 27001, SOC 2, PCI DSS, and HIPAA) on track and our global business audit-ready.

You're practical, organized, and curious; someone who enjoys making complex requirements easier to understand and thrives when balancing planned work with time-sensitive audit and customer requests. You partner with control owners across the business to coordinate evidence, monitor risk, and turn complex requirements into guidance that's easy to act on.

Beyond keeping audits on track, you contribute to the long-term evolution of our risk and compliance program by supporting readiness for new and expanding assurance needs, simplifying repeatable processes, and improving evidence quality. Your attention to detail, cross-functional mindset, and clear communication help leadership stay informed and give our customers confidence in our security posture.
What to expect
  • Audit & Certification Support: Support active and upcoming audits, including ISO 27001, SOC 2, PCI DSS, HIPAA, and other relevant assurance work by coordinating evidence collection, reviewing evidence quality, scheduling walkthroughs, and following up with control owners.
  • Risk & Control Management: Support risk assessments, risk register updates, control monitoring, issue tracking, and risk treatment follow-up by working with teams to identify control gaps, agree on practical actions, and track remediation through to completion.
  • Third-Party Risk Management: Conduct third-party risk management reviews to support a comprehensive view of organizational risk.
  • Compliance Program Support: Support ongoing compliance activities across established frameworks and emerging readiness work (including Australia ISM/IRAP/HCF, NIS2, and ISO 42001/AIM) while maintaining policies, procedures, control narratives and supporting documentation.
  • Customer & Stakeholder Support: Respond to customer and prospect security or compliance questions in partnership with Sales, Legal, Security, and Product, and support updates to the Trust Center and other trust documentation.
  • Reporting & Continuous Improvement: Prepare clear updates on audit status, risks, blockers, metrics, and remediation progress for leadership and look for opportunities to simplify repeatable processes and reduce audit friction for control owners.
  • Tooling & Process Management: Use risk, audit, and compliance tools to keep work organized, traceable, and easy to report on.
  • Internal Audit Support: Support internal audit and review activities as needed.
What you bring
  • Risk & Compliance Experience: 5+ years of experience in risk, audit, compliance, governance, security assurance, or a closely related area.
  • Audit Experience: Hands-on experience supporting audits, evidence collection, control testing or monitoring, and remediation tracking.
  • Framework Knowledge: Working knowledge of security and compliance frameworks such as ISO 27001, SOC 2, PCI DSS, HIPAA, ISO 42001, GDPR, PIPEDA or similar standards.
  • Communication Skills: Ability to explain requirements clearly to both technical and non-technical audiences.
  • Organization & Prioritization: Strong organization and prioritization skills, especially when managing several deadlines at once.
  • Judgment & Problem-Solving: Good judgement, attention to detail, and a practical approach to solving problems.
  • Remote & Cross-Functional Collaboration: Comfort working in a remote, global environment with cross-functional teams across varied timezones.


Bonus Points
  • Experience with governance, risk, and compliance tools or audit management platforms
  • Experience supporting customer assurance, security questionnaires, or trust documentation
  • Working knowledge of Third-party risk management (TPRM)
  • Relevant certifications such as CISA, CRISC, CISSP, CC, CISM, CGEIT, ISO 27001, ISO 42001 or similar
Where we hire

At Upsun, remote work isn't just a trend - it's our foundation. The freedom of remote work with the support of a diverse, global team has been our successful model for over a decade. Our culture celebrates flexibility and collaboration, and while we have team members in over 30 countries around the globe, we are currently focused on hiring for this role in Canada, Spain, Germany, France, or the United Kingdom. Although we're unable to provide visa sponsorship at this time, we welcome applications from all qualified candidates who are legally authorized to work in these countries.
How we hire

We know that a great hire won't meet every requirement that we've outlined. If you can see yourself elevating the team, we want to hear your story. Few of us would be here had we not taken a chance.
You can expect 5 interviews to follow the order below. Should you successfully move through the entire process you will have the opportunity to meet with a variety of Upsunners. Our goal is to ensure you can make the most informed decision on whether this role, and our culture aligns with what you're looking for in your future working environment.
  1. 45 Minutes with Talent Acquisition
  2. 60 Minutes with Hiring Manager (Director, Risk & Audit)
  3. 60 Minutes with Team (IC's)
  4. 60 Minutes Cross Team (Leaders)
  5. 45 Minutes with Executive (CFO)

All roles require background checks.
What we offer

A product you can believe in - Join us in transforming how businesses build and manage web applications, driven making a positive impact as a proud B Corp.

An Award-Winning Workplace - We've been recognized by Forbes' Top 30 Companies for Remote Jobs and France's Best Workplaces for Women.

A culture that values your voice - Join a flexible, open, and inclusive work environment where your voice is encouraged, and your ideas shape our growth and evolution.

A global team - Collaborate with colleagues from diverse backgrounds across the world, embracing different perspectives

Benefits and perks - Make the most of what matters to you

Flexible PTO

Comprehensive healthcare coverage (UK, Canada, France, Spain, USA)

Company stock options

Professional development budget

Office equipment budget

Wellness budget

Annual team gatherings

Internet reimbursement

Inclusive parental leave

Remote work travel program

About Platform.sh

Platform.sh is a cloud hosting platform for web applications. The platform provides a complete hosting environment for web applications, including development, testing, and production environments. Platform.sh was founded in 2010 and is headquartered in San Francisco, California.
Learn more about Platform.sh
Size
500 employees
Industry
Founded
2010

Similar Jobs

More Jobs at Platform.sh

More Finance & Insurance Jobs

Find similar Senior Risk & Audit Specialist jobs: