Technical InfoSec Compliance Analyst

(Menlo Park, CA)

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we're just getting started.

Facebook is seeking an experienced Information Security Policy and Compliance Analyst to join the Information Security team. This position will be responsible for understanding and supporting the design of Facebook's organizational, procedural, and technological security controls within the context of the global regulatory frameworks applicable to our business. The position will also help implement, automate, maintain, and document controls while supporting and responding to inquiries from internal and external stakeholders. An ideal Information Security Policy and Technology Compliance Analyst is someone that has a passion for deepening their technical knowledge of the broad aspects of information security, not just checking the box, while working for a company that provides products and services to over a billion users. This role requires a broad mix of business and technical acumen coupled with polished communication and a strong desire to learn. This role is located at our headquarters in Menlo Park, CA.


  • Help demonstrate Facebook's commitment to security within the company and to external parties
  • Understand technical implementation details necessary to assess and design practical security controls
  • Participate in the development and oversight of required corrective action plans relating to security compliance issues
  • Support the identification, implementation, and maintenance of automated technical security controls required by various technical regulatory compliance frameworks
  • Identify, research, and evaluate new compliance requirements and present them to the team and business
  • Partner with team members and cross functional groups to ensure successful security programs align with compliance requirements
  • Understand the security needs of internal and external stakeholders, regulators, and auditors
  • Support security assessments, develop mitigation plans, and work with internal stakeholders to assign responsibility
  • Assist with responding to external requests inquiring about Facebook's Information Security program including activities like project management, evidence gathering, scoping, control implementation, etc.
  • Assist with daily technical security activities and functions such as assessing vendor security risks, provisioning and reviewing access, creating and maintaining security reports/dashboards, etc.

Minimum Qualifications

  • Passion for technology, information security, and how Facebook protects its over 1.5 billion users
  • Does not take a check the box mentality to security
  • Excellent communication and project management skills a must
  • Experience and passion for working with fragmented data to report meaningful metrics and identify actionable insights
  • Minimum 2 years experience leading and successfully delivering technology security assessments for highly distributed web applications
  • Strong understanding of most of the following common security compliance frameworks, controls, and best practices: AICPA Trust Principals (SSAE 16 - SOC 2 and 3), ISO 27000 Series, OWASP Top 10, PCI DSS, SANS CIS Critical Security Controls, regulations governing personally identifiable information (PII), and other applicable regulatory compliance frameworks
  • Experience working with security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
  • Demonstrated leadership skills with the ability to work independently and collaboratively across various levels
  • Strong desire to learn and deepen technical skills
  • Security consulting experience or related professional services/consulting background strongly preferred
  • Bachelors in computer science, computer engineering, or business technology strongly preferred
  • Experience with scripting languages, SQL, PHP, and web development strongly preferred
  • Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, GISO, GCIH, CIPP

Meet Some of Facebook's Employees

Peipei Z.

Manager, Global Client Solutions

Peipei helps Facebook’s top clients devise solution-based and results-driven social media strategies. She creates strategic partnerships to help people and brands connect in a more meaningful way.

Cristina T.

Sr. Manager, WhatsApp Customer Support & Localization

Cristina manages the WhatsApp customer experience, translating the application into multiple languages and troubleshooting communication services worldwide.

Back to top