Security Risk and Compliance Lead
At Asana, security is foundational to our mission of helping teams work together effortlessly. Our security team protects Asana’s employees, users, and customers by proactively addressing threats, ensuring compliance with legal and regulatory requirements, and fostering a culture of security throughout our product and operations. We are a team of security engineers and risk and compliance practitioners who build innovative safeguards and collaborate across the organization to build and maintain trust at scale.
As the Security Risk and Compliance Lead at Asana, you’ll play a critical and high-impact role in building and maintaining trust with Asana’s global customers. You will lead and continuously improve our vendor risk assessment and security risk management programs, ensuring we maintain a strong security posture and meet both compliance requirements and customer expectations.
This is a highly cross-functional role where you’ll partner closely with Legal, Privacy, Finance, R&D, and other key stakeholders. You’ll help evolve our programs with a strategic, risk-based mindset—balancing operational excellence with agility as we grow and scale.
This role is based in our Warsaw office with an office-centric hybrid schedule - in-office days are Monday, Tuesday, and Thursday.
We offer a Contract of Employment (UoP) for our employees in Poland.
What you’ll achieve
- Vendor Risk Management: Own and operate Asana’s vendor risk management program, including performing due diligence for new vendors, ongoing monitoring and reporting, and reviewing vendor contracts for security and compliance requirements.
- Security Risk Management: Support the execution of periodic assessments across the organization to identify, evaluate, and track risks—driving mitigation and treatment efforts with business and technical owners.
- Risk Register Maintenance: Assist in maintaining the central security risk register to promote and drive accountability across the organization.
- Compliance Audit Support: Partner with internal teams to support annual compliance audits such as SOC 2 and ISO 27001, providing evidence and program documentation as needed.
- Policy Management: Draft, update, and maintain security policies, standards, and procedures that align with evolving business needs and industry best practices.
- Metrics: Define, track, and report on key metrics that demonstrate program effectiveness and operational excellence—using insights from data to continuously refine and improve risk and compliance processes.
About you
- 5+ years of experience in Governance Risk and Compliance, with a focus on risk assessments and risk management.
- Demonstrated understanding of security compliance frameworks and audits (e.g., SOC 2, ISO 27001, PCI DSS, NIST, HIPAA, FedRAMP, etc.).
- Experience with enterprise SaaS applications, cloud infrastructure, modern software engineering practices and tools, databases, operating systems, secure network design, and public cloud models such as AWS
- Experience performing third-party vendor security reviews and due diligence processes
- Proven ability to drive operational process improvements and develop metrics for tracking success.
- Excellent communicator and influencer, with the ability to translate complex security and compliance requirements to both technical and non-technical stakeholders.
At Asana, we're committed to building teams that include a variety of backgrounds, perspectives, and skills, as this is critical to helping us achieve our mission. If you're interested in this role and don't meet every listed requirement, we still encourage you to apply.
What we offer
- Generous, transparent and fair compensation system (base salary and generous Restricted Stock Unit for Asana Inc.)
- Contract of Employment (with 50% tax deductible costs for author’s rights usage for Engineers)
- Health insurance with dental and travel coverage (Lux Med)
- Lunch catering on the days that you work from the office
- Career growth budget
- Home office setup budget
- Gym/Fitness reimbursement
- Fertility healthcare and family-forming support with Carrot
- Mental health support in Modern Health
- Group life insurance
- MacBooks with all necessary accessories
For this role, the estimated base salary range is between 22 000 - 28 000 PLN gross monthly on the contract of employment (UoP). The actual base salary will vary based on various factors and individual qualifications objectively assessed during the interview process. The listed range above is a guideline, and the base compensation range for this role may be modified.
Our total compensation consists of base salary and equity (RSUs).
About us
Asana helps teams orchestrate their work, from small projects to strategic initiatives. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named a Top 10 Best Workplace for 5 years in a row, is Fortune's #1 Best Workplace in the Bay Area, and one of Glassdoor’s and Inc.’s Best Places to Work. After spending more than a year physically distanced, Team Asana is safely and mindfully returning to in-person collaboration, incorporating flexibility that adds hybrid elements to our office-centric culture. With 11+ offices all over the world, we are always looking for individuals who care about building technology that drives positive change in the world and a culture where everyone feels that they belong.
We believe in supporting people to do their best work and thrive, and building a diverse, equitable, and inclusive company is core to our mission. Our goal is to ensure that Asana upholds an inclusive environment where all people feel that they are equally respected and valued, whether they are applying for an open position or working at the company. We provide equal employment opportunities to all applicants without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law. We also comply with the San Francisco Fair Chance Ordinance and similar laws in other locations.
Our comprehensive compensation package plays a big part in how we recognize you for the impact you have on our path to achieving our mission. We believe that compensation should be reflective of the value you create relative to the market value of your role. To ensure pay is fair and not impacted by biases, we're committed to looking at market value which is why we check ourselves and conduct a yearly pay equity audit.
#LI-Hybrid
Average salary estimate
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
At Asana, we're on a mission to help teams work together effortlessly, and security is at the heart of everything we do. If you're an expert in risk and compliance and want to make a significant impact, we invite you to join our team as the Security Risk and Compliance Lead in our vibrant Warsaw office! In this pivotal role, you'll not only oversee our vendor risk management program but also enhance our security risk management strategies. You'll work closely with various teams, including Legal, Privacy, and Finance, fostering a culture of security by proactively addressing potential threats and ensuring compliance with regulations. We believe in balancing operational excellence with agility, so your strategic approach will be essential to our success as we grow and scale. You’ll play a critical role in ensuring that Asana maintains a robust security posture while meeting customer expectations. You’ll collaborate with diverse stakeholders to evolve our programs and translate complex compliance requirements into understandable processes. With a hybrid work schedule offering flexibility, we value the health and well-being of our employees and provide generous benefits. If you’re excited about the opportunity to lead in security risk and compliance at Asana, we’d love to hear from you!
Join Asana's People Team as a People Systems Leader and shape the future of HR technology within a global organization.
Lead Asana's Communications Integrations team as an Engineering Manager, driving innovative software solutions for enhanced user collaboration.
Bitstamp seeks a Senior Information Security Officer to lead security compliance and operational resilience efforts in a remote work environment.
We are looking for a Senior Systems Analyst at Sonata Software to drive the development of transformative business technology solutions.
Become a vital part of GDIT's mission as a Systems Engineer, providing tailored technology solutions to enhance safety and efficiency for our clients.
Lead American Express's Information Security initiatives as a Technology Exam and Findings Management Manager, where your impact shapes the future of security compliance.
Join MUFG as an Infrastructure Technical Delivery and Support Engineer to impact the future of financial services through innovative Infrastructure solutions.
Seeking a skilled IT Software Developer to enhance web applications within a global life sciences leader committed to sustainability and diversity.
Join our team as an AWS Consultant specializing in API development, and contribute to creating secure and efficient solutions within the AWS ecosystem.
Join ENS Solutions as an Information Systems Security Engineer, focusing on cybersecurity within the Intelligence Community.
Asana is a software development company offering a collaborative work management platform. The company is headquartered San Francisco, California and we are committed to enabling the world's teams to work together effortlessly.
51 jobs
Subscribe to Rise newsletter
🔮
Hi, I'm Risa! Your AI Career Copilot
you, just ask me below!
Sign up for our weekly
newsletter of fresh jobs
