Senior Compliance Analyst

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike.  

We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees.

We empower exceptional people to create extraordinary experiences together. 

Bring your whole self.

The Role and Team

As a Senior Compliance Analyst, you will be the primary lead for the operational execution of our Information Security and Compliance programs. You will take ownership of the audit lifecycle, design scalable controls, and ensure our SaaS platforms maintain a state of continuous compliance. You will act as a bridge between the technical engineering teams and external auditors, translating complex technical configurations into auditable evidence.

Key Responisibilities

• Audit Lifecycle Ownership: Lead and coordinate multiple concurrent IT security audits (e.g. SOC 2, ISO 27001, HITRUST). Manage the end-to-end process from readiness assessments and evidence collection to auditor walkthroughs and remediation tracking ensuring the timely delivery of high-quality evidence.
• Control Design & Harmonization: Build and maintain the Common Controls Matrix. You will ensure that a single control implementation satisfies multiple frameworks (e.g. mapping a single access review process to SOC 2, ISO, and HIPAA requirements).
• GRC Platform Power-User: Act as the lead administrator for the GRC tool, currently AuditBoard. Optimize the platform for automated evidence collection and real-time dashboarding of compliance posture.
• Framework SME: Serve as the subject matter expert for framework standards (e.g. ISO, SOC2 and HITRUST). Lead the preparation and execution of assessments and manage the lifecycle of Corrective Action Plans (CAPs).
• Scalable Compliance Automation: Partner with Engineering and DevOps to automate control testing, identify manual processes and replace them with automated API-based evidence pulls from internally used tools. .
• Policy Governance: Lead the annual review and update of security policies.
• AI Governance: Proactively draft and implement AI governance policies and guardrails to ensure compliant use of emerging technologies within our SaaS platform.
• Remediation & Risk Advisory: Conduct periodic internal audits and gap analyses. Advise business owners on control deficiencies and provide actionable, risk-based recommendations for remediation.
• A growth mindset and critical thinking: the flexibility to adapt to evolving processes and the skills to identify inefficiencies followed by a proactive approach to  refining scalable processes and continuous improvement.

Teamwork and Professional Development

Success in this role requires a collaborative mindset and a dedication to continuous improvement:

• Collaborative Environment & Mentorship: Actively participate as a key member of the Compliance team, contributing to team goals and supporting colleagues through mentorship. Provide guidance and peer review for junior team members and contractors to ensure high-quality documentation and professional development.
• Acceptance of Review: Must be open and responsive to peer review and direct feedback on work quality, documentation, and performance from senior team members and managers.
• Coachability: Demonstrate the ability to actively listen to, absorb, and immediately apply feedback on performance to improve accuracy and efficiency.
• Accountability: Take full ownership and accountability for tasks and mistakes, documenting lessons learned and implementing corrective actions to prevent recurrence.

Certifications and Standards Supported

You will be involved in supporting the compliance efforts for the following critical standards:

• ISO Standards: ISO Information Security Management), ISO Cloud Security), ISO PII Protection in the Cloud), and ISO Privacy Information Management).
• PCI: PCI DSS
• US Compliance: HITRUST, SOC 2 Type II, HIPAA (Health Information Portability and Accountability Act).
• Global Privacy: GDPR (General Data Protection Regulation), CBPR/PRP (Cross-Border Privacy Rules/Privacy Recognition Program), PIPEDA (Personal Information Protection and Electronic Documents Act - Canada).
• UK/Financial: FSQS (Financial Services Qualification System), Cyber Essentials Plus.

Candidates based in the Buenos Aires vicinity will be prioritized as this role is Hybrid, 3 days per week onsite.

Minimum Qualifications

• Experience: At least 4 years of experience in IT, Governance, Risk, and Compliance (GRC), IT Audit, or Information Security, preferably in a Cloud/SaaS environment.
• Framework Expertise: Demonstrated experience leading audits for ISO 27001, SOC 2 Type II, PCI or similar frameworks.
• Technical Literacy: Deep understanding of cloud security controls and infrastructure, Identity Management (IAM), and Secure SDLC.
• Communication: Exceptional ability to translate technical security configurations into business/compliance terms for auditors and stakeholders.
• Documentation: Proven ability to document technical procedures, integrations and overall policies and standards..
• Detail Oriented: High level of professional skepticism and attention to detail when reviewing evidence for "audit-readiness."
• Organizational Skills: Excellent time management, organizational skills, and the ability to prioritize tasks in a fast-paced environment.

Preferred Qualifications

• Certification: Currently hold or are actively pursuing CISA, CISSP, CISM, CompTIA Security+, CCSK, or ISO 27001 Lead Auditor.
• Tools: Advanced experience with any GRC tool (Auditboard, Vanta, Drata, etc), Jira, and G-Suite (specifically advanced Google Sheets/Excel for data mapping).
• Privacy: Familiarity with global privacy regulations including GDPR and ISO 27701.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age (40 and over), disability, genetic information, veteran status or military service, or any other status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at For information regarding how Medallia collects and uses personal information, please review our Privacy Policies. Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.