Senior Manager, Risk & Compliance


Medallia was founded on a simple idea: that companies can win by putting the customer before everything else. Our cloud-based platform does this by capturing customer feedback, analyzing it in real time, and then delivering it to everyone in a company, from the C-suite to the frontline, to help them improve. We're now considered the leader in a space we helped to create, we're Sequoia backed, and we're growing like crazy, doubling in size every 12 months. We've got a culture focused on smarts, kindness, continual learning, irreverence…and our people love it. Come find out why!


The Security Risk and Compliance Specialist role is a key part of the Information Security Group and is responsible for leading all risk- and compliance-related activities at Medallia. The role will be at the forefront of information security internally and will also lead information security discussions with clients. This role has the potential to contribute significantly to Medallia's information security journey as we build and grow an information security program that meets Medallia's high standards, client requirements, and a number of industry regulations.



  • Develop information security policies, standards and procedures in collaboration with various internal teams
  • Create a consolidated controls framework that fits a fast-moving startup culture but also aligns with current and future compliance needs
  • Create client-facing whitepapers and technical documentation on information security and compliance at Medallia
  • Act as the primary lead for working with sales teams and for responding to external audits, onsite security assessments and third-party penetration testing activities
  • Considering the rapid growth of Medallia, develop and implement a program to reduce the effort needed to respond to client security reviews, and develop solutions to scale the process globally
  • Work closely with Sales, Marketing, Product Management and the General Counsel team to ensure appropriate security and privacy language is included in contracts
  • Lead the security awareness and training program across the enterprise
  • Develop employee-facing technical documentation, internal wiki pages and periodic security-oriented communications to raise awareness of information security policies and standards
  • Manage and maintain the external and internal web portals for Medallia Information Security
  • Work with the larger information security team to conduct security workshops, periodic hackathons and security bug bounty programs
  • Perform SSAE 16 / SOC 2 compliance activities
  • Work with teams across Medallia to validate that security controls are implemented, and drive remediation of missing controls to achieve compliance



  • Minimum 5 years of experience in information security, compliance and/or risk management
  • Experience creating consolidated policies and a controls framework
  • Knowledge of privacy and security regulations and frameworks such as PCI DSS, ISO 27002, SOC 2, HIPAA, Safe Harbor, GLBA, EU DPA and GAPP
  • Excellent written and oral communication skills, with the ability to communicate security topics effectively to a variety of audiences
  • Experience responding to and performing vendor security assessments
  • Experience with contract negotiations and the ability to work with legal and sales teams

Meet Some of Medallia's Employees

Natalie N.

Sales Development Representative

Natalie works on the Inside Sales Team to find new customers interested in partnering with Medallia. She helps these partners improve customer experience at their respective companies.

Tung V.

Senior Director, Engineering

Tung manages two teams of Medallia engineers. He works to deliver rapid solutions to solve real customer needs—from innovative data visualization to special security features.
