Risk & Compliance Engineer

Our Security teams support the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low-friction, high-impact security across everything we do.

As a member of the Risk & Compliance Team, you understand that building user trust is critical to Slack’s success. You are passionate about privacy and maintaining customer confidence. You get excited about learning new legal policy frameworks and building processes to address new regulatory and compliance requirements, and you jump at the chance to use your technical knowledge to answer customer questions. Your work directly impacts the way millions of users, teams and businesses get things done.


  • Develop various regulatory and compliance attestation and/or certification programs
  • Develop and raise awareness of internal security policies and practices
  • Develop and maintain the following components of an information security program:
    • IT Risk methodology & processes, risk assessments and treatment plans
    • Compliance documentation, compliance check calendar, compliance check program
    • Security Training & Awareness Program
    • Issues & corrective action plans
    • Risk and Compliance metrics program, dashboard & reporting
  • Work with the Accounts and Customer Experience teams to translate and transform informal practices into attestable practices and policies
  • Support customer inquiries about Slack’s compliance and regulatory programs
  • Partner with legal and policy counterparts in all aspects of your work
  • Develop and organize internal security, compliance, and policy resources (e.g., policy documentation, tools, protocols)  


  • Extensive professional experience in addressing technical policy, compliance and regulatory issues
  • Experience implementing, participating in or conducting technical assessments of compliance programs (e.g., SOC 2, FedRAMP, ISO 27001, HIPAA, PCI DSS, FINRA)
  • Ability to work independently, communicating across multiple time zones
  • Experience working with a broad array of cross-functional stakeholders
  • Familiar with generally accepted security methods, concepts and techniques
  • Possess a general understanding of underlying Slack infrastructure including AWS, LAMP, Chef, JAMF, ELK, etc.
  • Excellent communicator with great interpersonal and presentation skills, as well as the ability to write well and translate complex issues into simple language that people who are not experts can understand
  • Experience interacting directly with both enterprise and small business customers

Bonus Points

  • Bachelor’s degree in computer science or equivalent educational or professional experience and/or qualifications
  • 3+ years of information security experience
  • 3+ years of experience with information technology audits and assessments
  • Excellent time management and related organizational skills
