Senior Customer Security Assurance Analyst at Medallia
Campo Número Diez, Chihuahua, Mexico
Full Time


Start Date

Immediate

Expiry Date

19 Jun, 26

Salary

0.0

Posted On

21 Mar, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Security Assurance, Questionnaire Management, Technical Translation, GRC, Auditing, Risk Posture Management, Contract Negotiation Support, Sales Enablement, Process Improvement, Data Privacy Regulations, Cloud Infrastructure, Vulnerability Interpretation, Trust Center Governance, Stakeholder Management, SaaS Security, Accountability

Industry

Software Development

Description
Overview

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike. We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees. We empower exceptional people to create extraordinary experiences together. Bring your whole self.

The Role and Team

The Customer Security Assurance (CSA) team at Medallia focuses on building confidence through security, transparency, and reliability, involving tasks like managing security questionnaires, handling audits, resolving client-driven concerns, creating trust-related content, and collaborating with Sales, Legal, Engineering, and Product teams to ensure customer data protection and compliance. You will be responsible for owning key deliverables during sales cycles and to support existing customer relationships. This role is designed for a business-savvy professional who enjoys working with highly technical resources and embraces the challenge of distilling those topics into language and content that is easy to understand for a wide audience. This is an excellent opportunity for an ambitious individual looking to build a career in Customer Trust, GRC (Governance, Risk, and Compliance), and information security within a fast-paced, metrics-driven technology environment.

Responsibilities

Key Responsibilities

Customer Advocacy & Technical Translation: Serve as the primary translator of complex security topics for current and prospective clients. You will distill concepts such as network security, application security, encryption, and global regulations into clear, compelling narratives that demonstrate how Medallia adheres to industry standards.

Questionnaire Management & Automation: Efficiently respond to customer TPRM/assurance requests and security questionnaires. You will not only answer these requests but also actively maintain and curate our Security Knowledge Base to ensure high-quality, automated responses and reduce manual workload for the team.

Vulnerability & Infrastructure Inquiries: Field specific inquiries regarding penetration test results, infrastructure security, and vulnerability scans. You will review external-facing reports and provide necessary context on remediation timelines, false positives, or compensating controls to satisfy customer concerns regarding our risk posture.

Customer Audit Orchestration: Own the end-to-end evidence collection and inquiry process for customer-led audits. You will act as the face of the security team, coordinating with internal stakeholders to demonstrate the effectiveness of our internal processes and controls.

Trust Center & Documentation Governance: Maintain our external-facing online Trust Center to ensure the most accurate data, whitepapers, and certifications are readily available for self-service. You will also develop trust-focused documentation, FAQs, and materials for sales enablement.

Contract Negotiation Support: Protect the company's risk posture by supporting the legal team during contract negotiations. This includes reviewing and redlining Security Addendums (ISAs) and Data Processing Addendums (DPAs) to ensure alignment with operational realities.

Cross-Functional Sales Enablement: Seamlessly navigate the organization to solve customer inquiries by partnering with legal, product security, engineering, sales, and client success teams. You will provide "white-glove" support to sales teams, presenting technical concepts to executives and large groups to help unblock revenue.

Process Improvement: Identify gaps and automate processes to improve efficiency for customer due diligence and response times.

Teamwork and Professional Development

Success in this role requires a collaborative mindset and a dedication to continuous improvement:

Collaborative Environment: Actively participate as a key member of the CSA team, contributing to team goals and supporting colleagues with evidence collection and documentation needs.

Acceptance of Review: Must be open and responsive to peer review and direct feedback on work quality, documentation, and performance from senior team members and managers.

Coachability: Demonstrate the ability to actively listen to, absorb, and immediately apply feedback on performance to improve accuracy and efficiency.

Accountability: Take full ownership and accountability for tasks and mistakes, documenting lessons learned and implementing corrective actions to prevent recurrence.

Candidates based in the Mexico City OR Buenos Aires vicinity will be prioritized as this role is Hybrid, 3 days per week onsite.

Qualifications

Required Qualifications

English Proficiency: Fluent or business conversational.

Experience: Five (5) years of experience in Customer Trust, Sales Engineering, IT, GRC, IT Audit, or Information Security within a SaaS or technology-focused company.

Audit Exposure: At least one cycle of experience participating in an external audit such as SOC 2 or ISO 27001.

Technical Literacy and Regulatory Prowess: Deep subject matter expertise in various security and security adjacent topics such as: global data privacy and protection regulations, including GDPR, CCPA/CPRA, and emerging international frameworks; a proven track record of translating complex legal requirements into actionable operational security policies and customer-facing trust initiatives; comprehensive understanding of cloud infrastructure (AWS/Azure) and knowledge on SaaS companies software development life cycle such as secure coding controls (GitHub, Jira, etc); familiarity with interpreting vulnerability scan reports (e.g., BitSight, SecurityScorecard, Tenable, Qualys, or similar) and explaining remediation SLAs or false positives to external parties.

Tool Proficiency: Experience with Knowledge Base, GRC, and Trust Center platforms such as Responsive, AuditBoard, Anecdotes, SafeBase, Vanta, or similar as well as familiarity with Salesforce.

Presentation Skills: Must have comfort speaking to a wide variety of audiences. A demonstrated ability to clearly communicate technical concepts to both technical and non-technical stakeholders is critical to the role.

Sales Enablement Experience: Previous experience working directly in a pre-sales capacity including a demonstrated ability to manage stakeholder expectations on timelines as well as overcoming deal-blocking inquiries and managing competing priorities.

Preferred Qualifications

Privacy Expertise: CIPP/US, CIPP/E, or CIPM certifications (IAPP).

Cloud & Trust Knowledge: CCSK (Certificate of Cloud Security Knowledge) or CCAK (Certificate of Cloud Auditing Knowledge).

Language Skills: Proficiency in other languages (e.g., German, French, Japanese) to support regional sales teams and localized questionnaires.

Documentation: Proven ability to document technical procedures, integrations and overall policies and standards.

Detail Oriented: High level of professional skepticism and attention to detail when reviewing evidence for "audit-readiness."

Organizational Skills: Excellent time management, organizational skills, and the ability to prioritize tasks in a fast-paced environment.

Automation Mindset: Proven ability to use GRC tools, Generative AI responders, or API-based integrations to streamline manual tasks.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age (40 and over), disability, genetic information, veteran status or military service, or any other status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at ApplicantAccessibility@medallia.com.

For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.

Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.

Responsibilities
The analyst will serve as the primary translator of complex security topics for clients, distilling concepts like encryption and regulations into clear narratives, while also managing security questionnaires and automating responses.