Security Risk and Compliance Analyst

At Asana, security is foundational to our mission of helping teams work together effortlessly. Our security team protects Asana’s employees, users, and customers by proactively addressing threats, ensuring compliance with legal and regulatory requirements, and fostering a culture of security throughout our product and operations. We are a team of security engineers and risk and compliance practitioners who build innovative safeguards and collaborate across the organization to build and maintain trust at scale.

As a Security Risk and Compliance Analyst at Asana, you’ll play a critical and high-impact role in building and maintaining trust with Asana’s global customers. You will be responsible for initiatives that continuously improve our vendor risk assessment and security risk management programs, ensuring we maintain a strong security posture and meet both compliance requirements and customer expectations.

This is a highly cross-functional role where you’ll partner closely with Legal, Privacy, Finance, R&D, and other key stakeholders. You’ll help evolve our programs with a strategic, risk-based mindset—balancing operational excellence with agility as we grow and scale.

This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more about the in-office requirements.

What you’ll achieve:

• Vendor Risk Management: Own and operate Asana’s vendor risk management program, including performing due diligence for new vendors, managing ongoing monitoring and reporting, and reviewing vendor contracts for security and compliance requirements.
• Security Risk Management: Support the execution of periodic assessments across the organization to identify, evaluate, and track risks—driving mitigation and treatment efforts with business and technical owners.
• Risk Register Maintenance: Assist in maintaining the central security risk register to promote and drive accountability across the organization.
• FedRAMP Compliance: Support FedRAMP continuous monitoring activities to ensure ongoing compliance with FedRAMP moderate requirements.
• Compliance Audit Support: Partner with internal teams to support external compliance audits such as FedRAMP, SOC 2, and ISO 27001, providing evidence and program documentation as needed.
• Policy Management: Help to draft, update, and maintain security policies, standards, and procedures that align with evolving business needs and industry best practices.

About you:

• 3+ years of experience in Governance Risk and Compliance, with a focus on risk assessments and security risk management. 
• Demonstrated understanding of security compliance frameworks and audits (e.g., SOC 2, ISO 27001, PCI DSS, NIST, HIPAA, FedRAMP, etc.).
• Experience with enterprise SaaS applications, cloud infrastructure, modern software engineering practices and tools, databases, operating systems, secure network design, and public cloud models such as AWS
• Experience performing third-party vendor security reviews and due diligence processes
• Proven ability to drive operational process improvements and develop metrics for tracking success.
• Excellent communicator and influencer, with the ability to translate complex security and compliance requirements to both technical and non-technical stakeholders. 
• Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making.

At Asana, we're committed to building teams that include a variety of backgrounds, perspectives, and skills, as this is critical to helping us achieve our mission. If you're interested in this role and don't meet every listed requirement, we still encourage you to apply.

What we’ll offer

Our comprehensive compensation package plays a big part in how we recognize you for the impact you have on our path to achieving our mission. We believe that compensation should be reflective of the value you create relative to the market value of your role. To ensure pay is fair and not impacted by biases, we're committed to looking at market value which is why we check ourselves and conduct a yearly pay equity audit.

For this role, the estimated base salary range is between $130,000-$160,000. The actual base salary will vary based on various factors, including market and individual qualifications objectively assessed during the interview process. The listed range above is a guideline, and the base salary range for this role may be modified.

In addition to base salary, your compensation package may include additional components such as equity, sales incentive pay (for most sales roles), and benefits. If you're interviewing for this role, speak with your Talent Acquisition Partner to learn more about the total compensation and benefits for this role.

We strive to provide equitable and competitive benefits packages that support our employees worldwide and include:

• Mental health, wellness & fitness benefits
• Career coaching & support
• Inclusive family building benefits
• Long-term savings or retirement plans
• In-office culinary options to cater to your dietary preferences 

These are just some of the benefits we offer, and benefits may vary based on role, country, and local regulations. If you're interviewing for this role, speak with your Talent Acquisition Partner to learn more about the total compensation and benefits for this role.

#LI-Hybrid