Security & Compliance Specialist

Dovetail's mission is to improve the quality of every thing. We empower 85,000+ people, from agencies to universities to Fortune 100 companies, to make sense of their customer research in one collaborative and powerful research platform.

We’re all about sweating the details on delightful experiences, tackling ambitious challenges, and delivering customer value. We're growing rapidly and looking for a Security & Compliance Specialist to join our operations team and to take ownership of Dovetail’s security posture.

This is a highly cross functional role where you’ll be working across IT, Legal, Engineering and Revenue. We are looking for someone who’s excited by the opportunity to be part of establishing a security & compliance team from scratch, and tackling diverse technical & strategic challenges.

Who you’ll work closely with

Jan van der Kolk
IT Manager
Bradley Ayers
Co-founder / CTO
Bethany Lo Russo
Legal Counsel

What you’ll do

  • Step into the role of Dovetail’s Security Officer and HIPAA Security Officer. As Security Officer, you’ll be responsible for creating, maintaining, enforcing and approving security policies and procedures, leading various security initiatives (such as monitoring, vulnerability management, incident detection and response), and tracking and reducing security risk across our organization. As HIPAA Security Officer, you’ll also be responsible for approving or disapproving proposed activities that may require Dovetail to process protected health information.

  • Oversee compliance activities. You’ll help ensure we comply with applicable privacy laws, particularly in relation to data management and data breach processes. You’ll also oversee and manage our compliance with security standards like SOC2 and HIPAA (including conducting regular access reviews, risk assessments, and business continuity and disaster recovery testing), progress new compliance activities (like obtaining ISO 27001 compliance), and own the relationship with any vendors we engage to assist our compliance efforts or assess us against such standards.

  • Lead employee security awareness training. You’ll lead training on our security policies and procedures with employees when they start at Dovetail and annually thereafter. You’ll ensure that all employees are aware of their responsibilities with regard to personal information and protected health information.

  • Be an internal subject matter expert on our security posture. You’ll provide a wide range of subject matter expertise across privacy, security and data protection. This includes partnering closely with Revenue and Legal teams to support our high-touch sales motion by reviewing security requirements in customer contracts, providing guidance on customer queries about our security and data practices, and stepping in to speak on customer calls when needed. You’ll also support our self-serve sales motion by ensuring the security content on our help center stays up to date and relevant for our customers.

  • Take ownership of customer security reviews. You’ll support our Revenue and Legal teams and take ownership of any security reviews requested by our high-touch customers as part of their procurement processes. This includes reviewing, approving and maintaining the accuracy of of security questionnaire response library and managing the relationship with the third party vendors we engage to help us with this work.

  • Vendor procurement and management. You’ll play an important part in our vendor risk assessments at the procurement stage and throughout the lifecycle of our vendor relationships. As part of this, you’ll review and sign-off on vendor security documentation and manage and maintain security reports for critical vendors.

  • Collaborate cross-functionally. You’ll help bridge the divide between our Engineering, Legal, Security, Operations and Revenue teams by translating complex Security concepts to understandable concepts for stakeholders, and interpreting legal documents as they relate to these concepts.

  • Own our automated security and compliance platform, Vanta. You’ll own Vanta, the platform we use for automated security and compliance. You’ll ensure the platform is properly set up, and follow up on failing security tests. You’ll work together with the legal department to make sure our policies are up to date, and you will execute our periodic risk assessments.

Our company values, from the inside out

Watch video

Values cover image 2

Your background

  • Relevant industry experience. Ideally, you have worked in SaaS or a regulated industry (such as financial services) and have extensive experience in a similar role or roles. You have led or contributed to the creation, management or enforcement of internal security policies and programs.

  • Knowledge and awareness. You have a foundational knowledge of key security programs, such as SOC 2, ISO and HIPAA as well as a demonstrable familiarity with global privacy laws and regulations, including the GDPR (EU & UK), CCPA-CPRA, LGPD and the Australian Privacy Act. CIPP/E or CIPP/US certification is a plus!

  • Leadership qualities. You are comfortable influencing and educating an organization on the importance of implementing and maintaining privacy and security initiatives.

  • Cross-functional and commercially minded. You have an appreciation for commercial drivers, which informs a pragmatic and common sense approach to problem solving without sacrificing technical accuracy.

  • Subject matter expertise. You understand complex IT concepts (including networking and infrastructure) and can interpret and explain these concepts to non-technical internal stakeholders and customers.

  • Attention to detail. You are extremely detail-oriented, and understand the importance of technical accuracy when it comes to protecting the information assets of Dovetail and our customers.

  • Willingness to learn. You know that privacy, data and security practices are constantly evolving and you are eager to keep up with any developments and subsequently implement organizational change.

  • A great attitude to support others. A willingness to help other people, with an open attitude, will be essential to your success.

At Dovetail, we’re passionate about building and fostering an environment where every team member feels supported and valued. We celebrate individualism, welcoming everyone to show up as their authentic selves every day. It’s no secret that diversity builds the best teams, large or small, so we highly encourage applications from people who identify as part of an under-represented group. Please take a peek at Dovetail’s commitment to Program 50/50 and hear why we’re officially a Great Place to Work on our careers page for more info!

All roles
Sydney, Australia
Full time
Operations
Apply for this role

Benefits

Equity for everyone

No matter your role, we provide equity for all along with competitive salaries. See your investment grow as Dovetail grows.

Annual retreats

We aim to go away every year to celebrate achievements and have some fun as a team, from NZ to the Whitsundays.

Equal parental leave

We offer an inclusive framework of 20 weeks equal paid leave to support new parents.

Modern and pet friendly offices

Bring your pooch to our modern, ergonomic offices in the heart of Surry Hills, plus enjoy organized monthly events.

Flexible work life balance

Whether you're a parent, student, or juggling a million things, we get it. While we're an office-first culture, we work together to make your schedule work for you.

Develop and grow

Take a course, attend a lunch and learn, or head to a conference! We love to support you any way we can.

Extra paid days off

Enjoy ad-hoc KitKat days to take a step back and spend it however you like.

Health is wealth

Every Dovetailer has access to Uprise (Employee Assistance Program) for themselves as well as their families.

Apply for this role
Get started, free forever

Start free
A few of our customers

See more customers →
Atlassian
autodesk
canva
gitlab
glossier
shopify
universalmusic
vmware
Products

PlaybackMarkupBackstageEnterpriseIntegrationsPricing