Lead Principal - Governance Risk and Compliance

About This Team:

We are seeking a highly skilled and experienced GRC specialist to join our dynamic Governance, Risk and Compliance team. The GRC specialist will play a critical role in managing and enhancing our Governance, Risk, and Compliance (GRC) processes and frameworks. This role will involve assessing risk exposure, managing compliance with industry standards and regulations, and supporting internal and external audits. The ideal candidate will have deep knowledge of risk management, regulatory requirements, and security controls, as well as a strong track record of leading or supporting GRC programs.

Key Responsibilities:

• Governance & Risk Management:
• Develop, implement, and maintain governance, risk management, and compliance frameworks and policies aligned with industry best practices.
• Conduct regular risk assessments to identify, evaluate, and prioritize risks across the organization, ensuring timely mitigation actions are implemented.
• Lead risk reviews with business stakeholders and senior management to ensure risks are effectively managed and mitigated.
• Compliance & Regulatory Requirements:
• Ensure compliance with relevant industry standards and regulations, including but not limited to SOC 2, ISO 27001, PCI-DSS, HIPAA, IRAP, NIST, etc.
• Stay current with changes in regulatory landscapes and assist in interpreting how changes impact business operations and compliance requirements.
• Develop and maintain documentation of compliance processes, procedures, and controls.
• Internal & External Audits:
• Lead and support internal and external audit efforts, including coordination with auditors, preparing audit materials, and tracking findings and resolutions.
• Monitor remediation activities following audits to ensure any identified gaps are addressed in a timely manner.
• Control Assessment & Reporting:
• Prepare regular compliance and risk reports for senior leadership, highlighting key risk areas, trends, and performance against key compliance metrics.
• Ensure documentation is maintained for all key GRC activities, including risk registers, audit logs, and compliance status reports.
• Collaboration & Stakeholder Engagement:
• Work closely with cross-functional teams (e.g., IT, Legal, HR, Product) to ensure alignment on risk management and compliance initiatives.
• Provide training and guidance to team members and business stakeholders on GRC processes and best practices.
• Assist in the design and implementation of risk management strategies, including business continuity and incident response plans.
• Training
• Lead the annual information security training course design and implementation.
• Continuous Improvement:
• Continuously evaluate and improve the organization's GRC processes and tools, leveraging industry best practices, automation, and innovative solutions.
• Support the implementation of a GRC platform or enhance existing systems to streamline risk and compliance management.
• Customer Assurance
• Assist and lead multiple customer security audits.
• Respond to customers security questionnaire.
  

Required Qualifications:

• Masters’s degree in Business Administration, Information Technology, Risk Management, or a related field.
• 10 years of experience in GRC, risk management, and/or compliance, ideally in a technology-driven environment.
• Strong understanding of key compliance frameworks (e.g., SOC 2, ISO 27001, NIST, PCI-DSS, GDPR, HIPAA).
• Proven experience in managing and executing risk assessments, compliance audits, and control testing.
• In-depth knowledge of risk management principles, security controls, and industry regulations.
• Experience with GRC tools (e.g., Archer, MetricStream, LogicGate, or others) is a plus.
• Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or other relevant certifications are highly preferred
  
  

Preferred Qualifications:

• Experience with cloud security compliance (e.g., AWS, Azure, Google Cloud).
• Experience with data privacy regulations (e.g., GDPR, CCPA).
  
  

Compensation may vary depending on your location, qualifications including job-related education, training, experience, licensure, and certification, that could result at a level outside of these ranges. Certain roles are eligible for additional rewards, including annual bonus, and sales incentives depending on the terms of the applicable plan and role as well as individual performance. NY generally ranges: $167,634-$251,452 CA generally ranges: $174,922-$262,384 All other locations fall under our General State range: $145,769-$218,653 Benefits may vary depending on the nature of your employment with Cloud Software Group and the country where you work. U.S. based employees are typically offered access to healthcare, life insurance and disability benefits, 401(k) plan and company match, among others. This requisition has no specific deadline for completion.

About Us:

Cloud Software Group is one of the world’s largest cloud solution providers, serving more than 100 million users around the globe. When you join Cloud Software Group, you are making a difference for real people, each of whom count on our suite of cloud-based products to get work done — from anywhere. Members of our team will tell you that we value passion for technology and the courage to take risks. Everyone is empowered to learn, dream, and build the future of work. We are on the brink of another Cambrian leap -- a moment of immense evolution and growth. And we need your expertise and experience to do it. Now is the perfect time to move your skills to the cloud.

Cloud Software Group is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination. All qualified applicants will receive consideration for employment without regard to age, race, color, creed, sex or gender, sexual orientation, gender identity, gender expression, ethnicity, national origin, ancestry, citizenship, religion, genetic carrier status, disability, pregnancy, childbirth or related medical conditions (including lactation status), marital status, military service, protected veteran status, political activity or affiliation, taking or requesting statutorily protected leave and other protected classifications.

Cloud Software Group will consider qualified applicants with a criminal history and conduct the recruiting process in accordance with the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers and San Diego Fair Chance Ordinance. For access to the laws see the following links: California FCA and Los Angeles FCO.

If you need a reasonable accommodation due to a disability during any part of the application process, please contact us at (800) 424-8749, HR directly via (954) 229-6896 or email at AskHR@cloud.com for assistance.