Senior Risk & Audit Specialist

<h1><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>About Upsun (formerly Platform.sh)&nbsp;</strong></span></h1> <p><span style="font-size: 12pt;">Upsun is the cloud application platform humans and robots love. It is built for today’s hybrid teams, where AI agents write and test code and humans focus on solving the problems that really matter. Developers, DevOps engineers, and platform teams use Upsun to build, ship, and scale confidently without wrestling with backend infrastructure. We give you your time back. You get:</span></p> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Predictable performance, even at scale </span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Secure, compliant environments by default&nbsp;</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Real-time observability and profiling built in </span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Cloning, configuration, and provisioning in seconds&nbsp;</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">AI-ready features that plug directly into your stack </span></li> </ul> <p><span style="font-size: 12pt;">The name says it all. "Up" means uptime, reliability, and acceleration. "Sun" reflects our follow-the-sun-support, a 24x7, globally distributed support team keeping the lights on while you rest. Our core belief is that software should power brighter solutions and greater innovation. </span></p> <p><span style="font-size: 12pt;">Upsunners are a remote, global workforce, and we thrive in a multicultural team. We are committed to open source and an open, welcoming environment. Our team spans the globe and the experience spectrum. </span></p> <p><span style="font-size: 12pt;">What's our commonality, our cultural fabric? A curious spirit and a thirst for knowledge; an eagerness for innovative ideas and cultures. We believe we can build anything together in an environment that frees you to do your best work. </span></p> <p><span style="font-size: 12pt;">Our values:&nbsp;</span></p> <p><span style="font-size: 12pt;">🌿 We make a positive impact.</span></p> <p><span style="font-size: 12pt;">✨ We aim for the stars.</span></p> <p><span style="font-size: 12pt;">💚 We care for each other.&nbsp;</span></p> <h1><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>Impact of a Senior Risk &amp; Audit Specialist&nbsp;</strong></span></h1> <p><span style="font-size: 12pt;">As a Senior Risk &amp; Audit Specialist at Upsun, you help keep our security, risk, audit, and compliance work moving with clarity, care, and consistency. Reporting to the Director, Risk &amp; Audit, you'll work closely with teams across Security, Engineering, IT, Legal, Product, and Sales to keep key audits and certifications (including ISO 27001, SOC 2, PCI DSS, and HIPAA) on track and our global business audit-ready.</span></p> <p><span style="font-size: 12pt;">You're practical, organized, and curious; someone who enjoys making complex requirements easier to understand and thrives when balancing planned work with time-sensitive audit and customer requests. You partner with control owners across the business to coordinate evidence, monitor risk, and turn complex requirements into guidance that's easy to act on.</span></p> <p><span style="font-size: 12pt;">Beyond keeping audits on track, you contribute to the long-term evolution of our risk and compliance program by supporting readiness for new and expanding assurance needs, simplifying repeatable processes, and improving evidence quality. Your attention to detail, cross-functional mindset, and clear communication help leadership stay informed and give our customers confidence in our security posture.</span></p> <h1><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>What to expect</strong></span></h1> <ul> <li> <p><span style="font-size: 12pt;"><strong>Audit &amp; Certification Support:</strong> Support active and upcoming audits, including ISO 27001, SOC 2, PCI DSS, HIPAA, and other relevant assurance work by coordinating evidence collection, reviewing evidence quality, scheduling walkthroughs, and following up with control owners.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Risk &amp; Control Management:</strong> Support risk assessments, risk register updates, control monitoring, issue tracking, and risk treatment follow-up by working with teams to identify control gaps, agree on practical actions, and track remediation through to completion.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Third-Party Risk Management:</strong> Conduct third-party risk management reviews to support a comprehensive view of organizational risk.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Compliance Program Support:</strong> Support ongoing compliance activities across established frameworks and emerging readiness work (including Australia ISM/IRAP/HCF, NIS2, and ISO 42001/AIM) while maintaining policies, procedures, control narratives and supporting documentation.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Customer &amp; Stakeholder Support:</strong> Respond to customer and prospect security or compliance questions in partnership with Sales, Legal, Security, and Product, and support updates to the Trust Center and other trust documentation.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Reporting &amp; Continuous Improvement:</strong> Prepare clear updates on audit status, risks, blockers, metrics, and remediation progress for leadership and look for opportunities to simplify repeatable processes and reduce audit friction for control owners.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Tooling &amp; Process Management:</strong> Use risk, audit, and compliance tools to keep work organized, traceable, and easy to report on.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Internal Audit Support:</strong> Support internal audit and review activities as needed.</span></p> </li> </ul> <h1><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>What you bring</strong></span></h1> <ul> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Risk &amp; Compliance Experience:</strong> 5+ years of experience in risk, audit, compliance, governance, security assurance, or a closely related area.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Audit Experience:</strong> Hands-on experience supporting audits, evidence collection, control testing or monitoring, and remediation tracking.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Framework Knowledge:</strong> Working knowledge of security and compliance frameworks such as ISO 27001, SOC 2, PCI DSS, HIPAA, ISO 42001, GDPR, PIPEDA or similar standards.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Communication Skills:</strong> Ability to explain requirements clearly to both technical and non-technical audiences.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Organization &amp; Prioritization:</strong> Strong organization and prioritization skills, especially when managing several deadlines at once.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Judgment &amp; Problem-Solving:</strong> Good judgement, attention to detail, and a practical approach to solving problems.</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;"><strong>Remote &amp; Cross-Functional Collaboration:</strong> Comfort working in a remote, global environment with cross-functional teams across varied timezones.</span></p> </li> </ul> <p>&nbsp;</p> <h1><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>Bonus Points</strong></span></h1> <ul> <li> <p><span style="font-size: 12pt;">Experience with governance, risk, and compliance tools or audit management platforms</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;">Experience supporting customer assurance, security questionnaires, or trust documentation</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;">Working knowledge of Third-party risk management (TPRM)</span></p> </li> <li style="font-size: 12pt;"> <p><span style="font-size: 12pt;">Relevant certifications such as CISA, CRISC, CISSP, CC, CISM, CGEIT, ISO 27001, ISO 42001 or similar</span></p> </li> </ul> <h1><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>Where we hire</strong></span></h1> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">At Upsun, remote work isn't just a trend - it's our foundation. The freedom of remote work with the support of a diverse, global team has been our successful model for over a decade. Our culture celebrates flexibility and collaboration, and while we have team members in over 30 countries around the globe, we are currently focused on hiring for this role in <strong>Canada, Spain, Germany, France, or the United Kingdom.&nbsp;</strong>Although we’re unable to provide visa sponsorship at this time, we welcome applications from all qualified candidates who are legally authorized to work in these countries.&nbsp;</span></p> <h1><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>How we hire</strong></span></h1> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">We know that a great hire won’t meet every requirement that we’ve outlined. If you can see yourself elevating the team, we want to hear your story. Few of us would be here had we not taken a chance. <br>You can expect <strong>5 interviews</strong> </span><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">to follow the order below. Should you successfully move through the entire process you will have the opportunity to meet with a variety of Upsunners. Our goal is to ensure you can make the most informed decision on whether this role, and our culture aligns with what you’re looking for in your future working environment.&nbsp;</span></p> <ol> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">45 Minutes with Talent Acquisition&nbsp;</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">60 Minutes with Hiring Manager (Director, Risk &amp; Audit)</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">60 Minutes with Team (IC's)</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">60 Minutes Cross Team (Leaders)</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">45 Minutes with Executive (CFO)</span></li> </ol> <p><em style="font-size: 12pt;">All roles require background checks.</em></p> <h1><span style="font-family: helvetica, arial, sans-serif; font-size: 14pt;"><strong>What we offer</strong></span></h1> <p style="padding-left: 40px;"><span style="font-size: 12pt;">💡 <strong>A product you can believe in</strong> - Join us in transforming how businesses build and manage web applications, driven making a positive impact as a proud <strong>B Corp</strong>.</span></p> <p style="padding-left: 40px;"><span style="font-size: 12pt;"><strong>🏆 An Award-Winning Workplace</strong> - We’ve been recognized by Forbes’ Top 30 Companies for Remote Jobs and France’s Best Workplaces for Women.</span></p> <p style="padding-left: 40px;"><span style="font-size: 12pt;">🗣️ <strong>A culture that values your voice </strong>- Join a flexible, open, and inclusive work environment where your voice is encouraged, and your ideas shape our growth and evolution.</span></p> <p style="padding-left: 40px;"><span style="font-size: 12pt;">🌎 <strong>A global team </strong>- Collaborate with colleagues from diverse backgrounds across the world, embracing different perspectives</span></p> <p style="padding-left: 40px;"><span style="font-size: 12pt;"><strong>🎉 </strong><strong>Benefits and perks</strong> - Make the most of what matters to you</span></p> <blockquote> <p>🏝 Flexible PTO</p> <p>🩺 Comprehensive healthcare coverage (UK, Canada, France, Spain, USA)</p> <p>📈 Company stock options</p> <p>🧠 Professional development budget</p> <p>💻 Office equipment budget</p> <p>💆‍♀️ Wellness budget</p> <p>🧳 Annual team gatherings</p> <p>🛜 Internet reimbursement</p> <p>👶 Inclusive parental leave</p> <p>✈️ Remote work travel program</p> </blockquote> <h1 style="text-align: justify; line-height: 1;"><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>You belong here</strong></span></h1> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">At Upsun, we celebrate diversity in all its forms and are committed to fostering an inclusive, equitable, and supportive workplace where everyone can thrive. We embrace and value different perspectives, backgrounds, and experiences, because they make us stronger as a team. Whoever you are, wherever you're from, and whatever path you've taken, you are welcome here. We encourage you to bring your whole self to work, connect with others, and share your passion. </span><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">If you need accommodations at any stage of our hiring process, please let us know. We're here to ensure an accessible and comfortable experience for you.<br></span></p>