Information Security - Risk & Compliance Analyst

Greater LA Area

Postmates is looking for an Information Security Risk & Compliance Analyst focused on evaluating Postmates' core services and infrastructure for compliance with the NIST Cybersecurity Framework (NIST CSF) and Sarbanes-Oxley IT General Controls.

In this role, you will be responsible for evaluating and documenting internal controls, assisting with internal security reviews, and working with internal teams to address compliance and audit issues.

Job Responsibilities:

  • Serve as a subject matter expert on industry standards and security compliance frameworks such as SOX Section 404 IT General Controls, NIST 800-53, PCI DSS, GDPR, CCPA.
  • Conduct security risk assessments of third-party vendor services.
  • Support internal audits of Postmates Mobile and Web Applications for compliance with the NIST Cybersecurity Framework (NIST CSF), PCI DSS, GDPR, CCPA and Sarbanes-Oxley IT General Controls.
  • Interact with Postmates technology and business stakeholders to understand risks critical to infrastructure, define potential business impact and establish corrective action plans.
  • Prepare, validate and maintain security documentation including, but not limited to: Information Security Policies, Information Security Procedures, IT Compliance Corrective and Preventive Action Plans (CAPAs), Privacy and Business Impact assessments (BIA/PIA), and Annual and Quarterly Compliance Audit Procedures.
  • Prepare weekly reports for senior leadership on the status of Postmates internal controls.


  • Knowledge of NIST and PCI DSS security standards.
  • Knowledge of Information Security industry best practices.
  • Experience participating in compliance audits in a lead or supporting role.
  • Experience preparing compliance audit workpapers such as artifact request lists, standard test cases and test plans.
  • Experience managing and supporting an Enterprise Risk Management (ERM) Lifecycle.
  • Experience managing third-party supply chain risk.
  • Familiarity with the use of Standard Information Gathering (SIG) for Third-Party Vendor Risk Assessments.
  • Experience using Atlassian Jira for team workload assignment and prioritization through Scrum or Kanban project management.
  • Experience configuring, managing and providing support for GRC or IRM tools such as Archer, ZenGRC or RSAM.
  • Experience with developing compliance and security analytics/insights through Chartio or similar BI/analytics tooling.
  • Ability to work effectively while prioritizing and juggling competing priorities in a fast-paced work environment.


  • Competitive salary and generous stock option plan
  • Medical, dental and vision insurance
  • Whatever equipment you need to work efficiently and creatively
  • Paid parental leave, vacation time, sick time, and volunteering time
  • Catered lunches
  • Impact-first work environment (no politics, no pandering)
  • Huge company vision (we need you to build the future, not just maintain the status quo)
  • Awesome office located in SOMA District just minutes from BART, Muni, AC Transit, and SamTrans

Technology we use

  • Engineering
    • Golang (Languages)
    • Java (Languages)
    • Javascript (Languages)
    • Kotlin (Languages)
    • Python (Languages)
    • Swift (Languages)
    • Erlang (Languages)
    • Flux (Libraries)
    • React (Libraries)
    • Redux (Libraries)
    • AngularJS (Frameworks)
    • Django (Frameworks)
    • Hadoop (Frameworks)
    • Node.js (Frameworks)
    • Spark (Frameworks)
    • PostgreSQL (Databases)
    • Django (Databases)
    • Dynamo (Databases)


0.2 mile walk from downtown Santa Monica Expo Line stop (direct transit from downtown LA), 0.5 mile walk to beach, close to 3rd St Promenade shopping

An Insider's view of Postmates Inc.

How does the company support your career growth?

I once read that “growth and comfort don’t coexist” and Postmates lives by it. From day one at Postmates, I felt challenged and have been given projects that impact the business. I’ve had to flex technical muscles that I have never used and it’s exciting because I’m developing into a more well-rounded engineer, which only enhances my career growth.



How do you empower your team to be more creative?

Instead of assigning work/tasks to my team, we operate by having the team identify what they think are the problems that we need to be solving today, and how that will scale or change over the next few years, then align those with company priorities. This forces my team to be more creative in how they approach their work on a day-to-day basis.



What are Postmates Inc. Perks + Benefits

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Eat lunch together
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Unconscious bias training
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Postmates health insurance policy covers up to 100% of out of pocket expenses.
Life Insurance
Wellness Programs
Retirement & Stock Options Benefits
Company Equity
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Family Medical Leave
Adoption Assistance
Vacation & Time Off Benefits
Generous PTO
Paid Volunteer Time
Our employees receive 24 hours per year of paid volunteer time.
Paid Holidays
Paid Sick Days
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Social team outings monthly
Stocked Kitchen
Some Meals Provided
Meal credits provided 3x per week
Relocation Assistance
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
Lunch and learns
Cross functional training encouraged
Promote from within