Job Closed

This listing is no longer active.

The Nature Conservancy

The Nature Conservancy (TNC), founded in 1951, is the world’s leading conservation organization working to protect critical waters and lands for people and na

Information Security Analyst

Location

United States

Posted

41 days ago

Salary

$81.5K - $122.1K / year

Seniority

Senior

Bachelor Degree, 3 yrs exp, English, AWS, Azure, Cloud

Job Description

  • Act as a contact for all security review requests, both for internal and external party systems and services
  • Work with Privacy and Legal teams to complete external party risk assessments
  • Perform technical assessments on both internal and external/third party systems and services
  • Participate in the implementation and maintenance of the external party information security risk management program as part of TNC’s overall external party due diligence review process
  • Participate in the assessment, monitoring, and documentation of the security posture and risk profile of external parties with access to TNC data, information, and records or to TNC systems
  • Participate in the security-oriented reviews of contracting-related documentation and provide security guidance to RFI/RFP/RFQ processes
  • Work with Privacy and Legal teams to document the classification of data, information, and records held or processed by external parties
  • Work with Information Technology staff to document the specifics of implemented technology solutions
  • Provide assessment of external party or internal system security based on provided architectural and operational documentation
  • Perform technical testing to validate the security-related behavior of a system, service, or piece of software
  • Work with business unit, IT staff, or external party to resolve any findings from security testing
  • Provide other Information Security teams with documentation of system configuration and expected behavior for applications and services
  • Provide advice and consultation to staff on information security-related policies, procedures, and best practices
  • Write documents for and deliver presentations to both technical and non-technical audiences
  • Participate in security incident response activities
  • Resolve issues independently within program area
  • Willing to work flexible hours

Job Requirements

  • Experience working in a decentralized global organization
  • Multi-lingual skills and multi-cultural or cross-cultural experience appreciated
  • Time management and attention to detail
  • Experience in defining and documenting complex systems requirements
  • Experience in communicating effectively with internal and external audiences
  • Proficient with a written language other than English, particularly Spanish or Portuguese
  • Experience working with a Third-Party Risk Management platform
  • Experience with Cloud technology including AWS or Microsoft/Azure offerings for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS)
  • Experience with security-related aspects of information systems including endpoint security products, client operating system configuration and networking technologies
  • Experience with Agile tools and concepts
  • Certifications such as Security+, GISF, Associate of (ISC)2, CIPP, CRISC, or PCIP

Benefits

  • Health care benefits
  • Flexible spending accounts
  • 401(k) plan with an 8% employer match
  • Parental leave
  • Accrued paid time off
  • Life insurance
  • Disability coverage
  • Employee assistance program
  • Other life and work well-being benefits
