Policy and Compliance Specialist (CA remote)

CXApp US, Inc.
Full-time
Remote
Canada

Compliance and Business Analyst
Who We Are:


CXApp is a forward-thinking technology company that leverages AI and data science to drive innovation and deliver cutting-edge solutions. At CXApp, we are the innovators of Indoor Intelligence, delivering actionable insights for people, places and things. Our flagship product "CXAI" (formerly CXApp) is a workplace experience platform for the enterprise. Our technologies and solutions help enterprise customers deliver a comprehensive business journey in a work-from-anywhere world for employees, partners, customers, and visitors.
We take pride in the way we positively impact the daily lives of our customers and continue to push the boundaries of how our platform can benefit others.
The technology:


The CXAI platform tech stack uses AI-enabled native mapping, analytics, on-device positioning and app technologies. The overall solution helps organizations provide a frictionless work environment for employees with features such as hot desk and room booking, indoor navigation with turn-by-turn directions on a digital map, company-wide news feeds, an in-app company directory of colleagues and workplace amenities, as well as bookable opportunities and experiences.
Role Overview:


As a Policy and Compliance Specialist, you will be responsible for developing and implementing company policies, managing ISO 27001 and SOC 2 audits, and coordinating with external auditors. You will play a key role in fostering a culture of compliance within the organization while utilizing tools for security training and the security assurance platform for policy management.
Key Responsibilities:
  1. Policy Development and Management:

    1. Lead the development, implementation, and maintenance of company policies and procedures to ensure compliance with industry standards and regulations.

    2. Conduct regular reviews of policies to ensure they remain effective and relevant.

    3. Collaborate with stakeholders to communicate policy changes and provide guidance on compliance-related matters.



  2. Audit Coordination:

    1. Manage and lead ISO 27001 and SOC 2 audits, including planning, execution, and follow-up.

    2. Coordinate with external auditors to facilitate audit processes and ensure timely completion of audits.

    3. Prepare necessary documentation and reports for audit findings, ensuring transparency and accountability.



  3. Compliance Monitoring:

    1. Develop and implement compliance monitoring processes to track adherence to policies and standards.

    2. Identify areas for improvement and recommend corrective actions to enhance compliance efforts.

    3. Provide ongoing training and awareness programs for staff on compliance requirements and best practices using the security awareness and security assurance platform.



  4. Reporting and Analysis:

    1. Prepare and present compliance reports to management and stakeholders, highlighting key findings and recommendations.

    2. Analyze compliance metrics and trends to identify opportunities for improvement in processes and policies.

    3. Maintain accurate records of compliance activities and audit findings in the security assurance platform.



  5. Continuous Improvement:

    1. Stay updated on industry regulations and best practices related to compliance and risk management.

    2. Proactively recommend changes to enhance compliance programs and policies based on industry trends and regulatory updates.

    3. Collaborate with cross-functional teams to embed compliance into the organizational culture.



  6. Customer Security Questionnaires:

    1. Answer and manage security questionnaires from customers and potential customers in the form of RFPs.

    2. Work with relevant teams to gather necessary information and provide accurate responses to security-related inquiries.

Required Qualifications:
  • Education: Bachelor's degree in Business Administration, Information Technology, or a related field.

  • Experience: 3+ years of experience in compliance, risk management, or business analysis, preferably in a tech environment.

  • Technical Skills:

    • Strong understanding of ISO 27001 and SOC 2 frameworks and requirements.

    • Familiarity with compliance management tools, particularly Certification Automation by OneTrust.

    • Experience with security training tools like Ninjio is a plus.

    • Knowledge of risk management principles and best practices.

  • Soft Skills:

    • Excellent analytical and problem-solving skills.

    • Strong communication and interpersonal skills to collaborate effectively with various teams.

    • Ability to work independently and manage multiple projects simultaneously.

Preferred Qualifications:
  • Relevant certifications (e.g., Certified Information Systems Auditor (CISA), Certified Compliance & Ethics Professional (CCEP), ISO 27001 Lead Implementer) are a plus.

  • Experience with external audits and managing audit relationships.
Benefits:
  • Competitive salary and performance-based bonuses.

  • Comprehensive health and dental plans.

  • Opportunities for professional development and growth.

  • A dynamic and collaborative work environment.

  • Opportunity to work on cutting-edge AI projects with a talented team.
If you feel you have the qualifications we are looking for and CXApp sounds like something you want to be part of, apply now. We can't promise it will be a fit, but we do promise to consider your experience.

At CXApp, we celebrate diversity and are committed to creating an inclusive environment for all employees. We believe that diversity & inclusion among our teammates is critical to our success, and we seek to recruit, develop, and retain people from a diverse candidate pool. We welcome and encourage applications from people of all abilities. Accommodation is available on request for candidates taking part in all aspects of the selection process.
Note To Recruiters: The company does not accept unsolicited resumes or referrals from staffing vendors, placement agencies or other external parties seeking recruiting fees without a signed formal agreement.