Security GRC Lead

About The Position

Requirements

• A Bachelor's degree in a technical/security field or a non-technical degree with combination of governance, risk and compliance-related work experience
• At least 5-7+ years of experience in risk, compliance management or in an Information Security environment
• Knowledge of security controls frameworks such as ISO 27001/27002 and NIST 800-53
• Generally adept at picking up new technologies and experience working with a GRC tool
• Excellent interpersonal communication, teamwork and project management skills
• Strong written and verbal communication skills
• Strong sense of accountability with the ability to work independently with minimal direction and follow-up
• Demonstrated ability to perform process analysis and experience in documenting controls
• Proven analytical and troubleshooting skills
• A broad understanding of information security risk and controls
• Personal integrity, accountability, and the ability to take ownership of specific tasks and activities
• Able to foster a collaborative working relationship with multiple areas and complex business lines, globally and remotely

Responsibilities

• Manage audit engagements (e.g. SOX, ISO 27001, C5 PCI-DSS, SOC 2, HIPAA), the audit request lists and ensure requests are being fulfilled appropriately by stakeholder management
• Coordinate and collate required evidence for external and internal audit support
• Managing the control and process libraries, and assisting the business in implementing internal controls
• Contribute to meetings by preparing agendas, document meeting minutes, and help track the completion of follow up
• Lead junior staff to ensure critical tasks are completed on time and per requirements
• Lead Internal/External Audits as it relates to documenting or evidencing control management practices
• Lead/participate in Risk Assessments and documenting risks within the risk register, and identifying and documenting the risk treatment
• Assist the business to document, assess, and remediate any issues raised during audit examinations and risk assessments
• Assist in management of Sprinklr security standards and policies
• Update and maintain the GRC Confluence and share drives
• Assist with management of risks, controls and requests in the GRC tool
• other duties or tasks as assigned by management

Benefits

• voluntary healthcare coverage
• paid time off
• Mentoring Program
• 401k plan with 100% vested company contributions
• flexible paid time off
• holidays
• generous caregiver and parental leaves
• life and disability insurance
• health benefits including medical, dental, vision, and prescription drug coverage