GRC Director

About The Position

Requirements

• Bachelor's Degree in Computer Science, IT or other relevant degree or equivalent work experience
• 7+ years of experience in Information Security and/or Data Privacy Compliance positions
• Practical, hands-on expertise implementing and managing Federal compliance frameworks such as FedRAMP, CMMC, etc.
• Deep expertise in common compliance standards, eg. ISO27001/270017/270018, SOC 2, NIST CSF
• Strong knowledge of the global data security regulatory environment
• Strong knowledge of global privacy regulations and requirements (eg. CCPA, GDPR, HIPAA, PIPEDA, UK DPA and Privacy Shield, and others)
• Highly skilled at making analytical risk-based decisions and recommendations
• Demonstrated ability to convey complex information in a clear and concise manner both verbally and in written form
• Demonstrated ability to engage directly with auditors and customers and address sensitive situations
• Demonstrated track record of managing a team of highly motivated, independent analysts/SMEs
• Experience with Objectives and Key Results (OKRs) and/or kanban principles

Nice To Haves

• Bonus points for hands-on, practical knowledge of PCI DSS

Responsibilities

• Proactively and consistently manage the Tanium’s mission critical compliance frameworks, including ISO 27001, SOC2 Type 2, FedRAMP, and other frameworks
• Develop, enhance, and operationalize security, risk and privacy policies as well as associated business processes to mitigate risk and comply with applicable laws and regulations
• Own and manage the Tanium’s risk quantification & management program
• Own and manage GRC’s role in responding to client audit and RFP/RFI requests in a timely and effective manner
• Own and implement a vision for GRC tactics and methods which scale with Tanium’s business needs and balance efficient execution with comprehensive and repeatable processes
• Manage, support and inspire a team of GRC professionals
• Oversee third party technical risk assessments and related audit activity
• Serve as a subject matter expert for information security risk management principles and practices
• Collaborate with executives and key stakeholders across Tanium to review projects, assess business critical systems and ensure compliance with compliance frameworks and data privacy laws
• As necessary, perform and advise on privacy impact assessments
• Perform internal technical risk assessments/audits
• Proactively assesses potential items of risk and opportunities
• Promote a culture of information security across all business units
• Understand the role of systems and technology within the firm and the value they deliver to the business
• Stay abreast of impending changes to compliance & regulatory frameworks to guide annual planning cycles

Benefits

• In addition to an annual base salary, team members will receive equity awards and a generous benefits package consisting of medical, dental and vision plan, family planning benefits, health savings account, flexible spending account, transportation savings account, 401(k) retirement savings plan with company match, life, accident and disability coverage, business travel accident insurance, employee assistance programs, disability insurance, and other well-being benefits.