Qualifications

• We're looking for a self-motivated individual who thrives in fast-paced environments, can seamlessly drive efforts with multiple stakeholders to accomplish bold things, has demonstrable experience in GRC and is comfortable working across the breadth and depth of a large, multi-cloud security compliance program
• Minimum 5 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of 7-10 years of total work experience
• Knowledge of multiple regulatory compliance frameworks (NIST CSF, ISO27001, SOC, GxP, GMP etc.)

• Deep understanding of frameworks, attestations and certifications
• Considerable hands on experience with various compliance, preferably for a service provider and/or merchant
• Ability to prioritize and track multiple projects in parallel
• Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc
• Comfortable working with both deeply technical and non-technical audiences

• Experience in security related analysis, creating metrics and dashboards and summarizing large data sets
• Experience in Managing modern compliance tools like Drata
• Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)

Responsibilities 

• Help company successfully achieve various required compliances.
• Maintain Drata compliance management system
• Maintain & monitor compliance with the information security policies and procedures

• Proactively manage the company’s ISO 27001 Information Security Management System ensuring continual compliance and ongoing eligibility for annual recertification
• Recommend changes/enhancements to the company’s policies/procedures based upon the evolving landscape
• Develop and manage the firm's vendor risk quantification & management program
• Manage & improve process to respond to client audit and related requests in a timely manner
• Oversee third party technical risk assessments and related audit activity

• Serve as a subject matter expert for information security risk management principles and practices.
• Perform internal technical risk assessments/audits
• Produce and maintain information security documentation including, but not limited to policies, procedures, standards, guidelines and diagrams
• Proactively assesses potential items of risk and opportunities
• Promote a culture of information security across all business units

• Understand the role of systems and technology within the firm and the value they deliver to the business
• Oversee readiness for external audits