Senior Compliance Analyst

Overview Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike. We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees. We empower exceptional people to create extraordinary experiences together.  Bring your whole self.The Role and Team As a Senior Compliance Analyst, you will be the primary lead for the operational execution of our Information Security and Compliance programs. You will take ownership of the audit lifecycle, design scalable controls, and ensure our SaaS platforms maintain a state of continuous compliance. You will act as a bridge between the technical engineering teams and external auditors, translating complex technical configurations into auditable evidence. Responsibilities Key Responisibilities Audit Lifecycle Ownership: Lead and coordinate multiple concurrent IT security audits (e.g. SOC 2, ISO 27001, HITRUST). Manage the end-to-end process from readiness assessments and evidence collection to auditor walkthroughs and remediation tracking ensuring the timely delivery of high-quality evidence. Control Design & Harmonization: Build and maintain the Common Controls Matrix. You will ensure that a single control implementation satisfies multiple frameworks (e.g. mapping a single access review process to SOC 2, ISO, and HIPAA requirements). GRC Platform Power-User: Act as the lead administrator for the GRC tool, currently AuditBoard. Optimize the platform for automated evidence collection and real-time dashboarding of compliance posture. Framework SME: Serve as the subject matter expert for framework standards (e.g. ISO, SOC2 and HITRUST). Lead the preparation and execution of assessments and manage the lifecycle of Corrective Action Plans (CAPs). Scalable Compliance Automation: Partner with Engineering and DevOps to automate control testing, identify manual processes and replace them with automated API-based evidence pulls from internally used tools. . Policy Governance: Lead the annual review and update of security policies. AI Governance: Proactively draft and implement AI governance policies and guardrails to ensure compliant use of emerging technologies within our SaaS platform. Remediation & Risk Advisory: Conduct periodic internal audits and gap analyses. Advise business owners on control deficiencies and provide actionable, risk-based recommendations for remediation. A growth mindset and critical thinking: the flexibility to adapt to evolving processes and the skills to identify inefficiencies followed by a proactive approach to refining scalable processes and continuous improvement. Teamwork and Professional Development Success in this role requires a collaborative mindset and a dedication to continuous improvement: Collaborative Environment & Mentorship: Actively participate as a key member of the Compliance team, contributing to team goals and supporting colleagues through mentorship. Provide guidance and peer review for junior team members and contractors to ensure high-quality documentation and professional development. Acceptance of Review: Must be open and responsive to peer review and direct feedback on work quality, documentation, and performance from senior team members and managers. Coachability: Demonstrate the ability to actively listen to, absorb, and immediately apply feedback on performance to improve accuracy and efficiency. Accountability: Take full ownership and accountability for tasks and mistakes, documenting lessons learned and implementing corrective actions to prevent recurrence. Certifications and Standards Supported You will be involved in supporting the compliance efforts for the following critical standards: ISO Standards: ISO 27001 (Information Security Management), ISO 27017 (Cloud Security), ISO 27018 (PII Protection in the Cloud), and ISO 27701 (Privacy Information Management). PCI: PCI DSS US Compliance: HITRUST, SOC 2 Type II, HIPAA (Health Information Portability and Accountability Act). Global Privacy: GDPR (General Data Protection Regulation), CBPR/PRP (Cross-Border Privacy Rules/Privacy Recognition Program), PIPEDA (Personal Information Protection and Electronic Documents Act - Canada). UK/Financial: FSQS (Financial Services Qualification System), Cyber Essentials Plus. Candidates based in the Buenos Aires vicinity will be prioritized as this role is Hybrid, 3 days per week onsite. Qualifications Minimum Qualifications Experience: At least 4 years of experience in IT, Governance, Risk, and Compliance (GRC), IT Audit, or Information Security, preferably in a Cloud/SaaS environment. Framework Expertise: Demonstrated experience leading audits for ISO 27001, SOC 2 Type II, PCI or similar frameworks. Technical Literacy: Deep understanding of cloud security controls and infrastructure, Identity Management (IAM), and Secure SDLC. Communication: Exceptional ability to translate technical security configurations into business/compliance terms for auditors and stakeholders. Documentation: Proven ability to document technical procedures, integrations and overall policies and standards.. Detail Oriented: High level of professional skepticism and attention to detail when reviewing evidence for "audit-readiness." Organizational Skills: Excellent time management, organizational skills, and the ability to prioritize tasks in a fast-paced environment. Preferred Qualifications Certification: Currently hold or are actively pursuing CISA, CISSP, CISM, CompTIA Security+, CCSK, or ISO 27001 Lead Auditor. Tools: Advanced experience with any GRC tool (Auditboard, Vanta, Drata, etc), Jira, and G-Suite (specifically advanced Google Sheets/Excel for data mapping). Privacy: Familiarity with global privacy regulations including GDPR and ISO 27701.