Security and Compliance Coordinator

Espressive redefines how employees get help by delivering exceptional employee
experiences. We were founded on the belief that getting help at work shouldn’t be so hard. While
others have focused on solving the problems faced by help desk analysts, Espressive shifted the
focus to the employee — because you can’t have self-service if employees are not engaged.Barista,
our virtual support agent (VSA), brings the ease of consumer virtual assistants, such as Alexa and
Google Home, into the workplace, delivering a personalized user experience that results in
employee adoption rates of 80-85% and reduced help desk call volume of 40-60%.We've raised our
series B and are funded by some of the best VCs in the world. We have a highly experienced, small
team, led by a CEO and executive team with a proven track record of building successful companies.

**About the Role**

As a Security & Compliance Coordinator, you are responsible for maintaining and continuously
improving Espressive’s security and compliance framework, policies, and processes. You and the team
will lead control implementations that support the confidentiality, integrity and availability of customer

We are not a “check the box” organization. If business value is your primary driver, we want to talk to
you

**About the Responsibilities**
- Leading vulnerability management process, including running vulnerability scans, analyzing findings,

and tracking, coordinating, and negotiating remediation efforts with various organizational
stakeholders
- Supporting internal and external (e.g., customers, auditors) information gathering sessions

associated with information security risk assessments, questionnaires, and general inquiries
- Creating and maintaining the following, including managing the review, and approval process with

stakeholders:

- Policies, Procedures, Standards and Playbooks
- Plan of Action and Milestones (POAM’s) or comparable documentation
- System Security Plans (SSP) or comparable documentation
- Knowledge base articles, blogs, white papers or handbooks that help the organization continuously

improve security & compliance knowledge and awareness
- Coordinating audit and security testing engagements and serving as the primary point of contact

between third parties and the organization
- Administration and configuration of Governance, Risk Management and Compliance (GRC) tools,

including integration with other enterprise tools
- Continuous process improvement, automation, and scripting
- Ability to leverage your technical background to partner with highly technical teams (e.g.,

engineering, and technical operations) in the pursuit of practical implementations of technical
controls
- Partner and consult with non-technical business functions to help arrive at practical solutions and

control implementations that provide business value and meet regulatory requirements.

**Hard Skills or Qualifications Required**

following areas:

- Security standards and regulatory frameworks (in at least two of the following areas: SOC 2,

FedRAMP/NIST 800-53, ISO 27001, PCI, HIPAA or comparable)
- Vulnerability management scanning tools and familiarity with industry standard risk scoring

frameworks
- Maintaining security and compliance policies, procedures, and standards in a SaaS infrastructure (e.g.,

AWS, GCP, Azure).
- Experience implementing or supporting various aspects of a security operations center
- Knowledge of the SDLC and secure coding practices and standards
- General scripting and database knowledge (e.g., Python/Bash, PostgreSQL)
- General understanding of networking and computing infrastructure
- CISSP, CISM or comparable industry-standard information security certifications
- Strong English written and verbal communications skills

**Nice to Have**
- Experience supporting FedRAMP readiness, authorization, or continuous monitoring with a sponsoring

agency, the FedRAMP PMO or 3PAO
- Previous hands-on experience as a systems or network administrator managing configurations and

implementations in direct response to security control requirements
- Knowledge of containerization platforms and web search and analytics engines and their respective

security characteristics
- BS in Computer Science or Software Engineering