Cloud Security Analyst (GRC)

Hey you! Want to work for one of the fastest growing SaaS companies in the world? We’re building the next generation of learning software that companies like AWS, Netflix, Opentable, and L’Oreal rely on to deliver training. We believe learning is for everyone, and that we all have something to learn from each other. We rely on one another to continuously innovate our products and processes to create an exceptional experience for our employees, customers, and partners.

We are a culture where values are at the center of everything we do, embodying what we call the Docebo Heart. We trust our teammates, assume the best of one another, and hold space for all differences that make us better. So what are you waiting for? Apply today! Join 900+ global Docebians and change the way people learn. Are you ready to be part of the learning revolution?

This role focuses on demonstrating the business value of compliance and security programs to prospects and customers, working closely with Sales & Legal teams to improve cybersecurity posture, enhance customer experience, and unlock business value. Ensuring Docebo adheres to regulatory frameworks and maintains robust security measures is essential. The role involves collaboration with internal teams and external stakeholders, addressing compliance and security requirements, safeguarding operations and reputation, and staying updated on emerging regulations and threats. It also includes training internal teams on compliance and security protocols.

Reports to: Business Enablement Manager - Security

Location: Biassono, Lombardy, Italy (hybrid)

1. Customer Engagement and Response: Respond to security and privacy inquiries, compile responses for RFI, RFP, RFQ, and compliance questionnaires, ensuring timely and accurate communication, supporting sales.
2. Customer Audit Support and Documentation: Coordinate compliance audits, assist with agreements, and prepare management reports with the GRC team.
3. Support Internal Compliance Management: Maintain compliance documentation, conduct risk assessments, and facilitate internal audits.
4. Vendor Risk Assessment and Monitoring: Evaluate third-party risks, monitor controls, and maintain risk reports in collaboration with the GRC team.
5. Security Awareness: Develop and implement security and privacy awareness programs with the GRC team.
6. Cross-functional Collaboration: Work across departments to align compliance, security, and privacy efforts, assess changes, and support updates to compliance programs.
7. Documentation and Reporting: Keep thorough records of compliance activities, policies, procedures, audit findings, and prepare reports for management and authorities.
8. Trust Page Management: Define and update content, gather feedback from clients and prospects to ensure relevance and adherence to standards.

• Fluent in English, experienced with contracts and documentation in English, with strong communication skills.
• 4+ years of relevant experience supporting audits, compliance, and security in SaaS companies.
• Knowledge of information security principles, cloud environments (AWS, Azure, GCloud), and compliance standards like GDPR, CCPA, PIPL.
• Familiarity with ISO/IEC standards, SOC 2, PCI, CFR21 Part 11.

• Bachelor’s degree in relevant fields.
• Certifications such as CISA, CIPP, CIPT, Security+.
• Experience with tools like Drata, and familiarity with NIST or FedRAMP standards.

Includes generous vacation, employee share plans, career growth, employee resource groups, WeWork partnership, and a hybrid work model supporting collaboration and focus.

We power learning experiences for over 3000 customers globally with our AI-powered Suite. Recognized as a top SaaS e-learning solution, we value innovation, simplicity, accountability, togetherness, curiosity, and impact. Join us and be part of a fast-growing learning technology leader. We are committed to diversity and inclusion, providing accommodations to applicants as needed.