Job Description
You will be part of an energetic and dynamic team of information security, privacy, risk, compliance, and IT professionals supporting a global business and customer base. You will provide the glue that binds our fast-paced software development and SaaS business to our compliance, privacy and risk reduction requirements. You will work closely with multiple groups including Engineering, DevOps, Legal, Finance, HR, and Sales to assess risks, develop sound security policy, and implement the controls necessary to satisfy external audit requirements and our own internal continuous auditing business objectives. Our ideal candidate takes an extremely pragmatic approach to GRC and is able to balance the needs of a very dynamic engineering culture with the need to protect the company and our customers’ data.
What you need:
Strong initiative, drive and self-direction
Comfort with change and a fast-paced environment
Relentless attention to detail
Ability to influence and persuade
Ability to adapt quickly to new technologies and changing regulatory landscape
Key Responsibilities:
Participate in GRC team efforts to plan, design, implement, and maintain Governance, Risk and Compliance capabilities and their supporting elements
Execute IT and application risk assessments, including planning, context definition, identification, analysis, evaluation, treatment, communication, and monitoring of risks
Consult with and assist risk and control owners in the planning, design, implementation, operation, maintenance and remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) as appropriate
Assist and advance the business’s compliance accreditations such as ISO 27001 and SOC 2
Assist with the creation and maintenance of corporate and IT policies, standards, procedures, and guidelines
Perform third-party risk assessments, track remediation and compliance
Develop, test, and review business continuity and disaster recovery plans
Respond to customer security questionnaires and attestation requests
Develop strategies to address awareness and training for all stakeholders
Support the Incident Response teams in creating and maintaining policies, plans, processes and procedures; training, testing, and monitoring; identifying and documenting lessons learned; and improving the program
Work with key business units to drive the adoption, design, implementation, operation, and remediation of control activities and other supporting requirements like policies, standards, processes, system configurations and reporting
We would like to talk with you if you possess:
Bachelor’s degree with 5+ years of prior experience in IT security, information security, governance, risk and compliance in a SaaS environment.
Deep understanding of risk assessment frameworks, IT risk assessments, enterprise risk assessments, and risk calculation and reporting.
Previous experience developing and testing business continuity and disaster recovery plans.
Experience running third-party risk assessments and understanding of SIG and CAIQ questionnaires
Experience with controls definition, design, implementation, and assessment
Familiarity with incident response and handling
Previous exposure to security standards such as ISO 27001/2, NIST 800-53 and 800-171
Ability to manage complex local and international security requirements
Experience using GRC tools is preferred
GRCP, CISSP, CCSP, CCSK, CISA, CISM, CRISC, or other relevant certification is preferred, or the ability and willingness to achieve one after hire