Security and Privacy Compliance Specialist

Cloudinary was founded in 2012 to solve a simple problem: making it easy for software developers to manage images programmatically with code.

Today, Cloudinary is the image and video technology platform that enables the world’s most engaging brands to deliver transformative visual experiences on a global scale. Nearly 10,000 companies rely on Cloudinary’s cloud-based product suite – built for developers, digital product owners, creatives, and marketing leaders – to effortlessly manage the lifecycle of visual assets and bring their imaginations to life.

Cloudinary’s DNA is in the developer world. The company built a passionate following among developers by offering the most powerful APIs in the industry – and investing in the documentation and technical resources to make every software engineer successful. That’s why over 1.2 million developers today rely on Cloudinary to bring their imagination to life.

Our security team is growing and we’re looking for a Security and Privacy Compliance Specialist to join our team, lead the compliance efforts across all business units and be the focal point for all internal and external compliance related needs.

This is an opportunity to take an end-to-end ownership of our compliance posture in which you’ll promote and facilitate excellence in governance with all applicable laws and regulations while ensuring maximum alignment between business needs and regulatory requirements.

Cloudinary is certified for seven (8!) different ISO certifications and is also SOC 2 Type II certified. This position's role is not to establish the basic compliance framework, it is to proactively own all of Cloudinary’s security and privacy compliance aspects and take the compliance operations to the next levels while focusing on quality and excellence in all related operations.

You’ll have the needed support from relevant stakeholders, helping you to succeed in your role, making this a once-in-a-career opportunity - to take an end-to-end ownership of a very mature compliance organization and push it to new heights and achievements.

Responsibilities:

• Own the security and privacy compliance domain, end-to-end
• Be a go-to-person and THE focal point for internal and external stakeholders around everything compliance, security and privacy. This is a customer facing role
• Own all aspects and ensure quality and consistency in Cloudinary’s operations, practices, policies and procedures
• Establish, assess and evaluate the effectiveness of compliance controls across ALL business units
• Take end-to-end ownership and manage internal and external compliance audits
• Creatively overcome obstacles so that the compliance controls will operate alongside business activities
• Supervise and monitor risk operations and performance
• Work closely with Cloudinary’s Sales, Customer Success, BizDev and legal teams on security and privacy agreements, playing a crucial role in enabling the company’s continued growth
• Work closely with Cloudinary’s Product and R&D teams on promoting security and privacy roadmaps
• Work together with Cloudinary’s IT team in verifying that Cloudinary’s vendors and service providers are onboarded and managed according to best practices and our own related guidelines which you’ll help define
• Own Cloudinary’s compliance management SaaS service
  
  

• Extremely proactive, independent and with the highest execution standards. This is an end-to-end ownership position
• Customer facing with a business enablement mindset
• Fast learner and fast executer with the ability to clearly communicate milestones and progress with all relevant stakeholders, internally and externally
• Multitasker with the ability to handle multiple projects and manage varying timelines and deadlines in a dynamic and fast pacing environment
• A people person, able to execute cross-team collaboration and establish relationships across the organization and with external entities
  
  

• 3+ years of security governance, risk, and compliance management experience
• Experience working for a global SaaS/Cloud company in a compliance related role
• Experience in working with global enterprise customers
• Vast experience in implementing and maintaining security standards and frameworks (ISO/IEC 27001, SOC 2, NIST, etc.).
• Solid understanding of relevant privacy regulations, such as GDPR and CCPA, including first hand experience in working on achieving compliance with their requirements
• Project and/or product skills and experience
• Fluent English, written and verbal - mandatory. Work interfaces are in English
  
  

• Experience working for one of the top global consultancy firms
• Managing (hands-on) data mapping related processes
• Hands-on Cloud Service Providers technical background
• FedRAMP/HIPAA requirements implementation experience
• Experience with the EU different local privacy laws and legislations
• Previous experience as a project/product manager
• Experience working with governance/compliance supporting SaaS services
• Certified ISO 27XXX Lead Auditor