Manager, InfoSec Governance Risk and Compliance (GRC)

About The Position

Requirements

• At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.).
• At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team
• Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
• Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
• Excellent project management, analytical, and problem-solving skills with keen attention to detail.
• Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
• Self-motivated with a high degree of initiative and ability to work independently.
• Ability to handle multiple competing priorities and deadlines efficiently.
• Bachelor’s degree in related field preferred or equivalent experience with proven skills
• Excellent interpersonal, communication, and organizational skills.
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• High degree of initiative, dependable, and able to work well with limited supervision.

Responsibilities

• Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
• Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
• Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
• Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
• Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
• Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua’s security posture to prospects and customers.
• Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
• Lead the Security Awareness and Training program to promote a culture of security across the organization.
• Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
• Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
• Develop, maintain, and enforce InfoSec policies, standards, and plans.

Benefits

• Hybrid working model (3 days in the office per week)
• Sustainable Growth, Privately Held A stable and cash-flow positive Company since 10 years
• Snacks and weekly lunches in the office
• Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity
• Unlock and unleash your full professional potential with our exceptional training and career development program
• Join a dynamic and international team of top-notch professionals who are experts in their respective fields.
• Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work.
• Experience a truly diverse and inclusive work environment where your unique contributions are highly valued
• Regular social events, competitive outings, team running events, and musical activities,
• Ivalua also offers exceptional benefits including medical, dental, vision and transportation.