Senior Analyst, Risk & Compliance

  • Location: San Mateo, CA, USA
  • Team: Security
  • Role Type: Full-time -- Individual Contributor Role
Medallia’s mission is simple: to create a world where companies are loved by customers and employees alike. Hundreds of the world’s best-loved brands trust Medallia’s Software-as-a-Service application to help them capture customer feedback everywhere the customer is (on the phone, in store, online, mobile), understand it in real-time, and deliver insights and action everywhere—from the C-suite to the frontline—to improve their performance. Founded in 2001, Medallia is growing quickly with more than 1000 employees globally in Silicon Valley, New York, London, Paris, Sydney, Buenos Aires, Austin, Washington D.C., and Tel Aviv. 


  • Develop Medallia’s policies and standards in collaboration with internal teams
  • Build and maintain the controls matrix, in alignment with multiple compliance frameworks including SOC 2, ISO 27001, FedRAMP and HIPAA
  • Prepare compliance reports, identify issues and escalate through proper governance channels as needed
  • Support key business initiatives by identifying security and compliance related risks
  • Collaborate with teams across Medallia, validate that security controls are implemented and develop recommendations to remediate control deficiencies
  • Lead the security review component of vendor governance
  • Prepare status reports and updates for senior leadership
  • Develop employee-facing technical documentation, internal wiki pages, and periodic security-oriented communication to spread awareness about Information Security policies and standards
  • Respond to RFP requests and client questions around security

Minimum Qualifications:

  • 3+ years of experience working with technology governance, internal controls, and compliance activities including IT Audit, ISO 27001, SOC 2, HIPAA, FedRAMP, HITRUST and Data Privacy laws and regulations.
  • Experience working with modern cloud Software as a Service (SaaS)
  • Excellent written and oral communication skills with an ability to effectively communicate security topics to a variety of audiences

Preferred Qualifications:

  • Experience in executing technology risk assessment methodologies and familiarity with audit testing and relevant documentation standards.
  • Strong leadership capabilities, collaborative attitude and motivation to work in a fast-paced startup environment
  • Ability to analyze, communicate, and articulate governance and compliance trends and program requirements.
  • Big 4 experience and industry certifications such as CISA, CISSP, CISM, PMP or CRISC are a plus.
  • Ability to work closely with people at all levels of the organization and facilitate the implementation of corrective action as needed.

At Medallia, we don’t just accept difference – we celebrate it and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. Equal opportunity and consideration are afforded to all qualified applicants and employees. We won’t unlawfully discriminate on the basis of gender identity or expression, race, ethnicity, religion, national origin, age, sex, marital status, physical or mental disability, Veteran status, sexual orientation, and any other category protected by law.

Medallia is committed to working with and providing reasonable accommodation to applicants with disabilities in accordance with the Americans with Disabilities Act and state disability laws.