Compliance Analyst
at Five9
Manila, Philippines (Hybrid)
Join us in bringing joy to customer experience. Five9 is a leading provider of cloud contact center software, bringing the power of cloud innovation to customers worldwide.
Living our values everyday results in our team-first culture and enables us to innovate, grow, and thrive while enjoying the journey together. We celebrate diversity and foster an inclusive environment, empowering our employees to be their authentic selves.
Why Join Us
This is a unique opportunity for a talented compliance professional to step into a high-visibility, hands-on role that blends operational responsibility with strategic influence. You'll be more than a contributor—you'll be a builder, shaping the frameworks and processes that support our global compliance objectives.
Whether you're a seasoned analyst ready for a bigger challenge or an emerging leader looking to expand your scope, this role offers the chance to grow with purpose and advance your career in a forward-thinking, high-impact environment.
About the Role
We are seeking a proactive, detail-oriented Compliance Sr Analyst to join our global Governance, Risk & Compliance (GRC) team. You will take ownership of key elements of our Continuous Monitoring (ConMon) program, partner with technical teams to track risks and improve control effectiveness, and maintain the common control framework (CCF) that underpins our security, privacy, and compliance posture.
This role is designed for someone who enjoys getting into the details while also thinking strategically about how to optimize compliance processes, scale efficiently, and contribute to audit readiness and regulatory alignment.
Key Responsibilities
- Own and evolve the enterprise-wide Continuous Monitoring (ConMon) program, ensuring that vulnerabilities are identified, tracked, and remediated, with accurate reporting and documentation.
- Conduct recurring control assessments to evaluate the effectiveness of technical, administrative, and operational safeguards, and use results to improve the CCF.
- Develop and maintain the Common Control Framework (CCF), ensuring alignment across regulatory and certification requirements (e.g., SOC 2, ISO 27001, PCI-DSS, NIST 800-53, DORA, C5).
- Manage the risk exception and deviation process, including intake, review, documentation, and tracking of compensating controls.
- Facilitate compliance syncs with internal teams, including Security, Engineering, IT, Legal, and Privacy. Drive action item closure, escalate risks, and promote visibility.
- Support audit and assessment readiness by aligning evidence to controls, updating documentation, and coordinating with process owners to demonstrate compliance posture.
- Maintain core compliance documentation, including policies, SOPs, control narratives, risk registers, and corrective action plans.
- Assist in incident response documentation, focusing on compliance impacts, reporting obligations, and post-incident reviews.
- Collaborate with Security and Engineering to review vulnerability scans and threat intelligence, helping assess risk exposure and prioritize remediation.
- Develop and manage compliance dashboards, metrics, and POA&M-style tracking to communicate program health and maturity.
- Continuously improve compliance processes, identifying automation opportunities, reducing manual tasks, and evolving the CCF to keep pace with a changing risk landscape.
Qualifications
- 3+ years of experience in compliance, audit, security assurance, or a related field within a technology or SaaS environment.
- Knowledge of major regulatory and industry frameworks (e.g., NIST SP 800-53, SOC 2, ISO 27001, PCI-DSS).
- Experience with vulnerability management, risk assessments, and control testing.
- Strong communication and collaboration skills with the ability to work across business and technical teams.
- Proven ability to manage multiple priorities, with attention to detail and a structured, documentation-driven approach.
- Bachelor’s degree in a relevant field or equivalent professional experience.
Preferred Skills
- Familiarity with tools like Tenable, Wiz, or other vulnerability scanners.
- Experience with GRC platforms (e.g., OneTrust, Drata, ServiceNow).
- Certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor/Implementer.
- Knowledge of data protection regulations like GDPR, HIPAA, or DORA.
Company Benefits
- Company stocks
- Annual merit increase based on performance
- 15% night shift differential pay
- Paid Leave with Cash Conversion
- HMO with free dependents
- Retirement Plan
- Life Insurance
- While on work from home setup: Internet and meal allowance are provided
- Employee Assistance Program for mental and social well-being
- Government-mandated Benefits (SSS, PhilHealth, PagIBIG, 13th month pay, Solo parent leave, Special leave for women)
#LI-MB1
Five9 embraces diversity and is committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better we are. Five9 is an equal opportunity employer.
View our privacy policy, including our privacy notice to California residents here: https://www.five9.com/pt-pt/legal.
Note: Five9 will never request that an applicant send money as a prerequisite for commencing employment with Five9.