87 491
8 234
At Asana, security is foundational to our mission of helping teams work together effortlessly. Our security team protects Asana’s employees, users, and customers by proactively addressing threats, ensuring compliance with legal and regulatory requirements, and fostering a culture of security throughout our product and operations. We are a team of security engineers and risk and compliance practitioners who build innovative safeguards and collaborate across the organization to build and maintain trust at scale.
As the Security Risk and Compliance Lead at Asana, you’ll play a critical and high-impact role in building and maintaining trust with Asana’s global customers. You will lead and continuously improve our vendor risk assessment and security risk management programs, ensuring we maintain a strong security posture and meet both compliance requirements and customer expectations.
This is a highly cross-functional role where you’ll partner closely with Legal, Privacy, Finance, R&D, and other key stakeholders. We offer a Contract of Employment (UoP) for our employees in Poland.
Vendor Risk Management: Own and operate Asana’s vendor risk management program, including performing due diligence for new vendors, ongoing monitoring and reporting, and reviewing vendor contracts for security and compliance requirements.
Security Risk Management: Support the execution of periodic assessments across the organization to identify, evaluate, and track risks—driving mitigation and treatment efforts with business and technical owners.
Assist in maintaining the central security risk register to promote and drive accountability across the organization.
Compliance Audit Support: Partner with internal teams to support annual compliance audits such as SOC 2 and ISO 27001, providing evidence and program documentation as needed.
Policy Management: Draft, update, and maintain security policies, standards, and procedures that align with evolving business needs and industry best practices.
Define, track, and report on key metrics that demonstrate program effectiveness and operational excellence—using insights from data to continuously refine and improve risk and compliance processes.
5+ years of experience in Governance Risk and Compliance, with a focus on risk assessments and risk management.
~ Demonstrated understanding of security compliance frameworks and audits (e.g., Experience with enterprise SaaS applications, cloud infrastructure, modern software engineering practices and tools, databases, operating systems, secure network design, and public cloud models such as AWS
~ Experience performing third-party vendor security reviews and due diligence processes
~ Proven ability to drive operational process improvements and develop metrics for tracking success.
~ Excellent communicator and influencer, with the ability to translate complex security and compliance requirements to both technical and non-technical stakeholders.
Contract of Employment (with 50% tax deductible costs for author’s rights usage for Engineers)
Home office setup budget
For this role, the estimated base salary range is between 22 000 - 28 000 PLN gross monthly on the contract of employment (UoP). Asana helps teams orchestrate their work, from small projects to strategic initiatives. With 11+ offices all over the world, we are always looking for individuals who care about building technology that drives positive change in the world and a culture where everyone feels that they belong.
Our goal is to ensure that Asana upholds an inclusive environment where all people feel that they are equally respected and valued, whether they are applying for an open position or working at the company. We provide equal employment opportunities to all applicants without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law. We also comply with the San Francisco Fair Chance Ordinance and similar laws in other locations.
Our comprehensive compensation package plays a big part in how we recognize you for the impact you have on our path to achieving our mission.