We are Duo, and we’re here to democratize security for everyone. Our mission is to protect the mission of our customers like Facebook, Twitter, and Etsy by making security simple. We’re a diverse crew of makers and builders, skaters and coders, filmmakers and DJs, teachers and students brought together by a shared belief in adding value to the world. This diversity allows us to bring an empathetic approach to solve some of the most complex global business and security challenges we face today.

• You will recommend and help develop appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization and assist IT process owners in the creation and maintenance of these policies/procedures.
• You will provide approved responses to client compliance inquiries and maintain library of responses.
• You will work closely with departments, SMEs, vendors, & auditors/assessors to continuously identify and manage risks while ensuring readiness to satisfy internal & external audit requirements.
• You will work with various departments to ensure controls-related documentation in support of information assurance and compliance activities is maintained.
• You will coordinate evidence gathering within Security and all business units
• You will work directly with auditors
• You will provide support for internal Security Awareness and continued employee education.

• 3 - 5 years of information security experience required
• 3 - 5 years of experience with information technology audits and assessments preferred
• Familiarity with privacy laws, data protection/security regulations, and frameworks, such as BITS, SOC 2, NIST 800-53, PCI-DSS, FedRAMP
• Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of other teams
• Familiar with and able to apply generally-accepted security methods, concepts and techniques
• Excellent communication and listening and facilitation skills.
• Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues and obstacles
• Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders

• Are ready to take on just about anything, and figure things out one way or another
• Care about contributing to an amazing work culture and environment
• Enjoy building and evolving organizational policies and have the drive to teach

• If you are serious about secure software development and you are interested in making sure that these principles are reflected in Duo's product, then you should actually apply for our Application Security Engineer role as that will be the best fit!
• If you want to spend your days hacking the planet, take a look at one of the researcher roles our on Duo Labs team.
• If you find yourself easily distracted by security incidents and would prefer spending your time responding to and investigating indicators of compromise you should apply for our Information Security Analyst role instead.

Does this sound like it was written for you? Excellent! Please apply and let’s explore this together.