Overview
As Director, Governance Risk and Compliance (GRC), you will be a hands-on people leader responsible for our security governance, risk, and compliance programs in a technology-driven organization. Partnering with our technology, business and legal teams, you will play a key role in influencing the organization's cybersecurity posture through assessing and driving remediation of security risks and ensuring compliance with relevant frameworks and contracts. Your technical expertise in security frameworks and understanding of cloud infrastructure will be crucial in ensuring our security posture aligns with industry best practices. This role offers the opportunity to make strategic decisions, provide valuable recommendations, and collaborate with a broad group of bright and energetic individuals throughout the company.
Responsibilities
• Drive adoption of relevant security compliance requirements through thorough analysis and prescriptive guidance
• Define and lead the security risk management process, leveraging automation and partnering with stakeholders to perform hands-on risk assessments
• Oversee the policies and standards lifecycle process to ensure they address all relevant cybersecurity requirements
• Define and lead cybersecurity awareness programs, including annual training, topical awareness campaigns in partnership with corporate communications, and phishing simulations
• Proactively identify compliance gaps through continuous monitoring, working closely with control owners to identify ways to effectively monitor compliance posture through automation
• Oversee documentation and reporting of identified security or compliance issues and work with control owners on remediation requirements, strategy, and execution, providing recommendations that can be reasonably adopted
• Regularly monitor remediation activities for noted findings, and escalate remediation plans that are at risk of being overdue
• Develop and maintain security reporting to provide real-time and on-demand compliance status
• Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends in line with overall information security objectives
• Establish partnerships with cross-functional teams such as IT, Legal, HR and Privacy to ensure they understand their roles when supporting the security GRC programs
• Partner with the broader security team in establishing annual and long-term goals, objectives, metrics, and reporting mechanisms
Qualifications
• 7-10+ years of experience in a technology audit, security risk management, and/or security compliance role, with at least 2-4 years implementing or auditing compliance with key cybersecurity standards (e.g., PCI DSS, ISO 27001, SOC 2, etc.) in a cloud-first environment
• Experienced with cloud infrastructure technologies and services (e.g., AWS, GCP, Azure) as well as various enterprise SaaS solutions
• Functional knowledge of multiple security domains and information security industry standards and best practices
• Experienced with the implementation and/or use of control automation and compliance tools
• Effective in building relationships with organizational leaders and influencing senior management
• Excellent organizational skills; proactive and self-sufficient, with a proven ability to work independently to effectively prioritize and execute tasks
• Drive, determination, and the ability to overcome roadblocks and initial objections
• Strong project management skills
• Ability to work collaboratively with multiple stakeholders across different backgrounds and skill sets
• Strong written, verbal communication, and presentation skills
• BS/BA in a related field (e.g., Computer Science, MIS) desirable, or equivalent relevant experience
• Security-related or cloud-related certifications such as CISA, CISSP, AWS Solutions Architect, etc. are a plus