Information Security Analyst in Wedmore

Typeform is a refreshingly different form builder. We help over 150,000 businesses collect the data they need with forms, surveys, and quizzes that people enjoy. Designed to look striking and feel effortless to fill out, Typeform drives 500 million responses every year—and integrates with essential tools like Slack, Zapier, and Hubspot.

At Typeform, security isn’t just a requirement—it’s a core part of how we build trust with our customers. Our Information Security team plays a crucial role in ensuring our business operates securely, complies with industry standards, and supports our teams across the organization. As we scale, we’re expanding our InfoSec team to enhance our security posture, maintain compliance, and support business growth. You’ll be working closely with teams across Security, Sales, Customer Success, Legal, SRE, People, and Finance to ensure security remains a top priority in everything we do.

As an Information Security Analyst, you will help shape and execute our security and compliance strategy. You will support compliance frameworks such as ISO/IEC 27001, SOC 2, HIPAA, and GDPR, help manage risk, and ensure that security practices are embedded in our daily operations. You’ll have the opportunity to grow within the team, taking ownership of operational security work while contributing to strategic initiatives over time.

Things you will do:

• Support and manage Typeform’s compliance programs, including ISO, SOC 2, and HIPAA.
• Assist in third-party risk assessments, vendor security reviews, and customer security inquiries.
• Work closely with Vanta (our compliance automation platform) to manage security workflows and maintain compliance frameworks.
• Collaborate with GTM teams (Sales, CS, and Legal) to ensure security compliance in customer engagements.
• Monitor and support operational security processes, ensuring requests from internal teams are addressed efficiently.
• Track and report on security metrics, identifying opportunities for continuous improvement.
• Support internal audits and assessments to maintain and expand our compliance certifications.
• Work with cross-functional teams (R&D, IT, and People) to embed security best practices across the organization.

What you already bring to the table:

• Experience in information security, risk management, or compliance, preferably in a SaaS environment.
• Understanding of security frameworks such as ISO/IEC 27001, SOC 2, HIPAA, and GDPR.
• Experience with security compliance automation tools (e.g., Vanta, Drata, or similar platforms).
• Ability to work collaboratively with multiple teams, balancing compliance requirements with business needs.
• Strong problem-solving skills and attention to detail.
• Excellent communication skills with the ability to engage with stakeholders across different departments.
• Self-driven mindset with a desire to own and improve security operations over time.

Nice to Have:

• Previous experience in a SaaS or cloud-first organization.
• Understanding of security in cloud environments (AWS, GCP, Azure).
• Certifications such as CISA, CISSP, or ISO 27001 Lead Auditor/Implementer.
• Experience with third-party vendor risk management.
• Experience supporting sales and customer success teams with security-related requests.

We are proud to be an equal-opportunity employer. We celebrate diversity and stand firmly against discrimination and harassment of any kind—whether based on race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or veteran status. Everyone is welcome here.