Remote Job
This job is closed. But you can apply to other open Management and Operations jobs.

Trust Operations Analyst

Gloo was founded as a mission-driven organization with the goal to release the passion in every person to Champion the growth of another so they can be all they were born to be.

Today, organizations of all sizes in the faith space use Gloo’s products to become more informed, better connected, and fully equipped to overcome their greatest challenges and achieve powerful outcomes, helping people progress through their personal growth journeys.

By building a common platform, we are creating a shared infrastructure that removes friction, promotes collaboration, and equips leaders with the right tools to galvanize personal growth and change lives. We are a fast-moving and passionate team that is looking for more talented professionals who are driven to make a positive impact. 

The Opportunity:

As a member of the Trust Operations Team, you will own and manage certain SOC 2 control categories, while also operationalizing roadmaps and objectives set forth by the other Trust teams (Security, Privacy, Legal). Serving on the front-line, you understand compliance and own specific Trust programs while also having an appreciation for balancing business value and partnering with our business teams (including but not limited to: procurement, product, engineering, marketing, support, finance, accounting, legal).

The Team:

You will join a team that is developing, operating and improving a Trust program that must meet and exceed the expectations of Gloo’s champions and the community we serve. Our business and ability to serve our champions is dependent upon the trust we develop and you are central to that core value proposition.

What You'll Be Doing:

  • Become the company’s vendor risk management expert: the majority of the role will be focused on the company’s vendor risk management program. Inherit, own, and improve the program, working with other members of the Trust team, internal stakeholders and the vendors themselves to ensure the program operates as intended and executive management has a clear understanding of risks associated with vendor engagements. Understand the business use-case for each proposed vendor and all data that will be involved in the arrangement. Establish a baseline vendor risk, identifying areas of potential exposure. Review contracts/agreements/documentation, noting areas of potential concern for Gloo and other Gloo business teams. Lead assessment of vendor risk via pre-contract due diligence, report on high level risks and inadequate controls to executive management, develop and maintain workflow processes to ensure controls are adequate and meet internal baselines. Provide guardrails or risk mitigation requirements where required; manage vendor risk in accordance with internal policy and regulatory requirements; monitor vendor implementation to ensure Trust requirements are met. Support development and deployment of a training program to facilitate the effective application and awareness of vendor risk management. Perform annual re-evaluations for critical vendors.

  • Inheriting, managing, and improving the company’s incident response program and activities, working closely with Security, management, engineering, support, and other stakeholders to ensure the program operates as intended. Triage events and determine event severity. Take appropriate steps to investigate any Trust event, including forming an incident response team and coordinating with internal and external stakeholders. Document investigation of a Trust event, manage the work plan, track tasks to completion. Communicate incident status and recommendations to executive management, including risks and obligations connected to an incident. Conduct a post-mortem to determine areas of improvement including potential training opportunities. In coordination with Security, coordinate an annual incident response/business continuity tabletop.

  • Monitoring, educating about, and improving the company’s logical access controls. Understanding and improving the company’s logical access control requirements, identifying areas for improvement. Educating and guiding internal teams regarding logical access control requirements and providing guidance for compliance.

  • Operationalizing roadmaps and objectives as set forth by the Security and Privacy teams.

  • Assisting in administering and improving a variety of the company’s other Trust Operations programs, including, without limitation, understanding Gloo’s multiple control frameworks (SOC 2, NIST, NYMITY, HIPAA, others) - developing and maintaining knowledge of security and privacy regulatory environments applicable to the company, internal auditing of Trust programs, maintaining an accurate system inventory, Trust policy development and communication, risk identification and management.

  • Serving as a full-time member of the Trust Operations team, collaborating with other team members from Trust, Product, Engineering, Data, IT, and Support Services to administer and improve the company’s Trust programs.

What We're Looking For:

  • Two to five years of program management for a vendor risk management program, or acute knowledge as a contributor or auditor

  • Preference for BS in vendor management, finance, accounting, privacy, risk management, information security, procurement, or related discipline

  • Understanding of information systems audit requirements and frameworks (with preference for SOC 2, HIPAA).

  • Strong communication skills with the ability to share your knowledge and encourage others to embrace our Trust programs

  • Strong attention to detail and project management skills: ability to drive projects from beginning to closure with auditable documentation

  • A trust mindset with a business sense: you understand the cost-benefit of implementation

  • Risk, compliance, and/or privacy domain expertise demonstrated by coursework, experience, or certifications like CISA, CIPP, CRISC, IAPP

  • Some experience with the privacy aspects of HIPAA, state, federal and international privacy regulations

Compensation: $100,000 - $125,000

Our Team Members Enjoy:

  • Compensation and bonus commensurate with experience

  • Plenty of time off to keep you balanced

  • Medical benefits with multiple plan offerings, HSA contribution, and Dental and Vision plans

  • A dynamic, talented team, dedicated to changing the world and building an incredible business

  • Onsite and virtual social events to keep us connected in our hybrid work environment

  • Beautiful office space in downtown Boulder on Pearl Street, steps from coffee shops and blocks from hiking trails

Applicants offered employment will be required to provide evidence of authorization to work in the United States, and will be required to work from a physical location within the United States in accordance with Gloo’s Remote Work Policies.
