Security Analyst

at Culture Amp

Melbourne, Australia

Join us on our mission to make a better world of work.

Culture Amp is the world’s leading employee experience platform, revolutionizing how 25 million employees across more than 6,500 companies create a better world of work. Culture Amp empowers companies of all sizes and industries to transform employee engagement, drive performance management, and develop high-performing teams. Powered by people science and the most comprehensive employee dataset in the world, the most innovative companies including Canva, On, Asana, Dolby, McDonalds and Nasdaq depend on Culture Amp every day.

Culture Amp is backed by leading venture capital funds and has offices in the US, UK, Germany and Australia. Culture Amp has been recognized as one of the world’s top private cloud companies by Forbes and most innovative companies by Fast Company.

For more information visit cultureamp.com.

How can you help make a better world of work?

As a Security Analyst focused on Governance, Risk, and Compliance (GRC), your core mission will be to maintain trust and security throughout our ecosystem. This role is primarily responsible for managing our 3rd Party Vendor Security review process and assisting with timely, high-quality responses to customer security questionnaires.

You will work closely with Sales, Legal, and Procurement teams, ensuring our security documentation is accurate and our third-party ecosystem is secure. You will also help to foster a strong security culture internally.

Skills & Experience:

Risk Management (Third-Party Focus)

Vendor Security Reviews: Complete security third-party vendor risk reviews for new and existing suppliers, gathering inputs, logging outcomes, and ensuring alignment with the Third-Party Security Management Standard in partnership with Procurement and Legal.

Customer Trust and Security Assurance

Answering Customer Security Questionnaires: Assist where required the timely completion of high-quality responses to customer and prospect security requests, due diligence questionnaires (DDQs), and information requests.
Maintaining Trust Collateral (SafeBase): Proactively assist and help maintain all security and compliance documentation, artifacts, policies, and certifications within our Security Trust Centre (e.g., SafeBase) to enable a self-service experience for customers.
Accelerating Deals: Partner with Sales and Legal to triage requests and ensure security communications are consistent and accelerate the sales cycle.
Gathering Reporting Metrics: Collect and track key performance indicators (KPIs) related to customer security review SLAs, document engagement, and overall security assurance efforts for leadership visibility.

Security Culture and Awareness

Security Awareness Campaigns: Assist with the design, coordination, and delivery of our hybrid cybersecurity awareness program
Internal Communication: Draft and schedule compelling security insights for internal newsletters, Slack, and email, translating complex policy and control requirements into clear, action-oriented guidance for all employees ("Campers").
Security Champions Initiative: Support the operationalisation of the security champions program across business units to extend program reach and reinforce secure-by-default behaviours across the organization.

Security Compliance

Program Assistance: Assist the GRC team with the ongoing management and maintenance of our key security compliance programs (e.g., ISO 27001, SOC 2), which includes coordinating evidence collection, documentation updates, and control attestations.

You have:

Experience: 1-3 years of operational experience in a role focused on Security Assurance, Third-Party Risk (TPR) Management, or GRC. Transferable skills from adjacent domains are highly valued.
Security Compliance Operations: Practical experience assisting with the management of security compliance programs (e.g., SOC 2, ISO 27001, or similar), including coordinating evidence collection from control owners and documenting attestations.
Customer Trust Platform Expertise: Proven ability to manage and update content within a Security Trust Center platform (like SafeBase or similar), including document organization, access controls, and questionnaire response management.
Third-Party Risk Process: Practical understanding of the vendor security review lifecycle, including the ability to triage, assess, and document risk findings for internal and external suppliers.
Organisational Excellence & SLA Adherence: Excellent organization and prioritization skills with a proven track record of strong follow-through and working effectively toward defined service level agreements (SLAs) in a fast-paced environment.
Enablement & Communication Skills: Clear and concise written communication, with the skill to translate complex security concepts (e.g., policy, controls) into practical, action-oriented guidance suitable for technical and non-technical internal teams.
GRC Foundations: Familiarity with common security frameworks (e.g., SOC 2, ISO 27001, or similar) is a plus, and a high degree of curiosity, a learning mindset, and a positive, security-first attitude are essential.

Desired (Highly Regarded) Qualifications:

Industry-recognised qualifications (e.g., Security+, CISA, CRISC, CSA or similar).

We believe that our employees are the heartbeat of our success. We're committed to fostering a work environment that truly cares for and develops its people, and creates lasting positive impact. In addition to providing a competitive compensation package, some of the key benefits we offer are:

Employee Share Options Program: We empower you to be an owner in Culture Amp and share in our success
Programs, coaching, and budgets to help you thrive personally and professionally
Access to external providers for mental wellbeing and coaching support to sustain the wellbeing, safety and development of our people
Monthly Camper Life Allowance: An automatic allowance paid out each month with your pay - you can spend it however you like to help improve your experience and life outside work
Team budgets dedicated to team building activities and connection
Intentional quarterly wellbeing pauses: A quarterly company-wide shutdown day in each region to to collectively pause, reset and focus on restoration and rest, without having to tap into individual vacation time
Extended year-end breaks: An extended refresh period at the end of year
Excellent parental leave and in work support program available from day 1 of joining Culture Amp
5 Social Impact Days a year to make a positive impact on the community outside of work
MacBooks for you to do your best & a work from home office budget to spend on setting up your home office
Medical insurance coverage for you and your family (Available for US & UK only)

Additionally, we don't just focus on our internal community; we believe in creating a better world of work for all. We're committed to diversity, equity, and inclusion, with Employee Resource Groups and ally communities in place.

We have a strong commitment to Anti-Racism, and endeavor to lead by example. Every step we make as a business towards anti-racism is another step we can take to support our customers in making a better world (of work). You can see our current commitments to Anti-Racism here.

Please keep reading...

Research shows that candidates from underrepresented backgrounds often don't apply for roles if they don't meet all the criteria – unlike majority candidates meeting significantly fewer requirements.

We strongly encourage you to apply if you’re interested: we'd love to know how you can amplify our team with your unique experience!

If you decide to apply, as part of your application, we will ask you to complete voluntary diversity questions (excluding roles in Germany). These questions are completely optional, but your participation truly helps. By sharing this anonymous information, you support our efforts to build a more inclusive and equitable hiring process—and help us hold ourselves accountable to that commitment. Your responses are entirely confidential and will not impact hiring decisions.

If you require reasonable accommodations or adjustments due to a disability to complete the online application or to participate in the interview process, please contact accommodations@cultureamp.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly. Culture Amp will retain your CV & personal information for a period of two years (four years for the US) from the date of your application process completion. Culture Amp may contact you in relation to future job opportunities during this time period. For further information please see our privacy policy here or contact privacy@cultureamp.com.