• Lead MacStadium’s operational and strategic information security GRC efforts as defined by the GRC Service Catalog 
• Develop and guide implementation of control systems to support legal requirements, internal policies, and other relevant stakeholder interests 
• Conduct periodic internal reviews and/or audits against identified compliance targets Serve as lead contact for MacStadium’s internal and/or external compliance audit(s) efforts 
• Assess product, compliance, or operational risks and develop risk management strategies 
• Identify compliance issues and conduct or direct internal compliance investigations 
• Verify that systems/solutions are in place to adequately provide oversight and continuous monitoring in all required areas 
• Monitor compliance systems to ensure their effectiveness
• Identify and communicate with management regarding emerging compliance requirements
• Advise internal management or business partners on the implementation or operation of compliance programs
• Serve as a confidential point of contact for employees to communicate with management, seek clarification on issues or dilemmas, and report irregularities related to Governance, Risk and Compliance 
• Manage employee security awareness training efforts
• Prepare management reports regarding compliance operations from both a business unit and corporate perspective 
• Manage and fulfill vendor risk analyses in a timely manner 
• Manage content shared in the MacStadium Trust Center and related customer security inquiry processes 
• Manage customer security questionnaire response library

• Bachelor's degree in computer science, Information Security, Information Technology, Risk Management, Engineering, or related field required (experience and certifications may substitute for degree) 
• 5 years’ experience as a compliance officer, risk manager/analyst, or related position 
• Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Systems Security Professional (CISSP) preferred
• Experience with compliance frameworks (e.g., ISO27001/27017/27018, SOC, GDPR or similar) 
• Proven success in the risk management and compliance field 
• Accountable to work independently with minimum supervision. 
• Previous experience with software tools like Safe Base, Loopio and Jira a plus 
• Previous experience with cloud infrastructure products and software development a plus 

• Problem solving/analysis
• Excellent verbal and written communication skills 
• Personal effectiveness/credibility 
• Time management 
• Presentation skills 
• Planning and execution 

• Day one benefits. Coverage starts on day one. We offer competitive medical insurance, health and dependent care spending accounts, health savings account, disability insurance, and company paid and voluntary life insurance. 
• Balanced life. We offer employees generous paid time-off policies, parental leave, holiday schedule, and a flexible work environment; MacStadium understands life also happens outside of work. Did we mention free company swag?
• Solid future. Beyond competitive salary and 401(k) matching, MacStadium offers continuing education, professional development, and wellness reimbursements.

___________________________________________________________________________________________________

MacStadium has a defined Information Security Policy and all employees are required to adhere to this policy and sign an acknowledgment and receipt of this policy upon hire.

All offers of employment are conditioned upon successful completion of a background screening process and all employees must comply with the immigration rules and laws in the jurisdiction in which he/she/they will provide MacStadium services.

MacStadium is an Equal Opportunity Employer. All applicants are considered without regard to race, color, ancestry, national origin, gender/gender identity, sexual orientation, marital and family status, religion and religious belief, age, disability, results of genetic information, and service in the military.

___________________________________________________________________________________________________

No agencies please.