Job Description Job Title: Security Analyst (Third Party Cyber Risk Management and Cyber Diligence) Location: Bangalore Position Type: Full-time Position Level: IC3 WHO WE ARE Xactly is a leader in Sales Performance Management Solutions and a part of Vista Equity Partners portfolio companies since 2017. The Xactly Intelligent Revenue Platform helps businesses improve go-to-market outcomes through increased collaboration, greater efficiencies, and connecting data from all critical functions of the revenue lifecycle on a single platform. Born in the cloud almost 20 years ago, Xactly provides customers with extensive experience in solving the most challenging problems customers of all sizes face, backed by almost 20 years of proprietary data and award-winning AI. Named among the best workplaces in the U.S. by Great Place to Work six times, honored on FORTUNE Magazine’s inaugural list of the 100 Best Workplaces for Millennials, and chosen as the “Market Leader in Incentive Compensation” by CRM magazine. We’re building a culture of success and are looking for motivated professionals to join us! THE TEAM At Xactly, we pride ourselves on building teams that are supportive, respectful, and laser-focused on our customers. We celebrate diversity and inclusivity, ensuring everyone feels valued and heard. As a Security analyst within the team, you’ll be at the forefront of safeguarding our digital ecosystem. As a Security Analyst with specific responsibility for TPCRM and customer cyber diligence you will have a direct impact on the safety and success of our global operations, and support our worldwide sales effort. You will collaborate with key stakeholders across the organization. You’ll collaborate with key stakeholders such as our Corporate IT team, which equips our workforce with the latest technology, and our dynamic technology team which drives innovation and maintains the infrastructure that delivers outstanding value to our customers. Your role will be crucial in ensuring strong identity hygiene across these teams, safeguarding our systems and ensuring they remain resilient and secure. Our colleagues are bright, driven engineers hailing from top-tier companies and universities, known for their swift execution and high-quality output. They rely on their leaders to eliminate obstacles and provide clear guidance, allowing them to continuously build and ship superior products efficiently. The Information Security team at Xactly is a group of skilled professionals specializing in Privacy, Risk, Threat and Vulnerability, Application Security, Third Party Cyber Risk and more. They will be your allies in creating and implementing security programs, building a vibrant team of passionate engineers and analysts, and defending our computing environment from malicious activities. THE OPPORTUNITY This is a unique opportunity to join Xactly’s cutting-edge Information Security team, based in India, where your contributions will directly shape the company’s security landscape and protect its global customers. As part of a close-knit, high-performing team, you will take on the critical responsibility of managing Third Party Cyber Risk Management (TPCRM) and customer cyber diligence, while collaborating on impactful initiatives that advance the broader security mission. In this role, you will be the frontline in safeguarding Xactly’s partnerships by integrating TPCRM into the procurement process, which is essential to the company’s security, privacy, and compliance efforts. Your work will involve collaborating with stakeholders across departments, providing crucial cybersecurity expertise, and continuously developing processes to support Xactly’s global operations. You will be trusted to own the management of inbound customer cyber diligence requests, ensuring they are completed to an exceptional standard within Service Level Objectives (SLOs). Your ability to manage expectations and set appropriate boundaries will be key as you navigate varied inquiries from customers, prospects, and internal staff. In addition to managing these requests, you will have the opportunity to join customer-facing calls to address complex security issues and help secure deals by building trust with customers. This role is special because it places you at the heart of Xactly’s security efforts and revenue growth, where you will influence how the company protects and secures its partnerships around the world. You will gain valuable cross-functional exposure, working closely with teams across the business, while playing a pivotal role in shaping Xactly’s security framework. Through this, you will have the chance to grow your expertise in cyber risk management and customer security diligence—two essential areas in today’s evolving cybersecurity landscape. Additionally, you will be a champion of security best practices, contributing to a culture where innovation and insight are not only valued but expected. At Xactly, we are looking for people who take initiative, solve problems creatively, and lead by example. In this role, you will have the opportunity to make a meaningful difference in how we protect our customers and their data. If you’re passionate about cybersecurity and eager to be part of a mission that blends technical challenge with real-world impact, this is your chance to take your career to the next level. Not only do we offer strong growth opportunities for top performers, but we also have a top-notch culture, benefits and more. Our strong C.A.R.E. values – Customer Focus, Accountability, Respect & Excellence – guide our every move, allowing us to be a leader in the incentive compensation & performance management market. We set the example with excellent customer experience and deliver an award winning SaaS (Software-as-a-Service) product! At Xactly, we believe everyone has a unique story to tell, and these small differences between us have a big impact. When bright, diverse minds come together, we’re challenged to think different ways, generate creative ideas, be more innovative, and take on new perspectives. Our customers come from different cultures and walks of life all around the world, and we believe our teams should reflect that to build strong and lasting relationships Join us and lead the charge in safeguarding our innovative solutions while nurturing a culture of security excellence! RESPONSIBILITIES Keep abreast of the latest cybersecurity trends, emerging threats, and evolving standards in third-party risk management, ensuring that Xactly’s practices remain ahead of the curve. Continuously evaluate and recommend enhancements to TPCRM tools and processes, ensuring that the team uses the most efficient and effective solutions for assessing vendor risks and managing customer cyber diligence. Conduct vendor security reviews, including sub-processors in support of the TPCRM process. Complete customer cyber diligence questionnaires and requests. Support sales with customer security issues. Collaborate with cross-functional teams to inform and educate on effective security controls, best practices. Monitor and enforce adherence to security policies, managing exceptions through established approval processes. Work to reduce organizational risk, work within the organization’s risk management process to identify and escalate risks to relevant business areas. Develop and manage key risk indicators, offering detailed analysis and commentary to ensure senior stakeholders have a clear understanding of security risk levels. THE SKILL SET: Proven ability to think critically and solve complex security issues in a fast-paced environment, demonstrating resilience and creativity in addressing challenges. Experience working with international teams and knowledge of regional security and privacy practices, supporting a globally distributed workforce or customer base. Minimum of 3 years of experience information security Knowledge and experience of cloud technologies and security technologies Knowledge of regulatory privacy regulations such as GDPR, CCPA, PIPEDA etc Experience of security and compliance standards; SOC 2, ISO 27001, NIST etc Excellent analytical skills with the ability to assess and prioritize Strong communication and interpersonal skills Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent experience. Certifications (optional but encouraged): Industry-recognized certifications such as CISSP, CISM, CRISC, or CCSP, as well as specialized certifications in privacy or cloud security (e.g., CIPM, AWS Certified Security, Azure Security Engineer). ABOUT YOU: Passionate about security, with a keen interest in identity governance and management. Capable of conveying complex technical information, to stakeholders in a clear and understandable way Proactive problem-solver who enjoys working in a fast-paced, evolving environment. Capable of handling multiple priorities and meeting deadlines in a dynamic setting. Excellent attention to detail and organizational skills. Strong collaborator who can work cross-functionally and influence others Transparent in decision-making, with the ability to defend and communicate those decisions to both technical and non-technical stakeholders. A strong ability to quickly adapt to new technologies, regulatory changes, and evolving cybersecurity threats, coupled with a willingness to continuously learn. BENEFITS & PERKS Paid Time Off (PTO) Comprehensive Health and Accidental Insurance Coverage Tuition Reimbursement XactlyFit Gym/Fitness Program Reimbursement Free snacks onsite (if you work in office) Generous Employee Referral Program Free Parking and Subsidized Bus Pass (a go-green initiative!) Wellness program OUR VISION Unleashing human potential to maximize company performance. We address a critical business need: to incentivise employees and align their behaviours with company goals. OUR VALUES Customer Focus | Accountability | Respect | Excellence (CARE) are the keys to our success, and each day we’re committed to upholding them by delivering the best we can to our customers. Xactly is proud to be an Equal Opportunity Employer. We provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, pregnancy, sexual orientation, or any other characteristic protected by law. We do not accept resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.