Senior GRC

About The Position

Requirements

• 5+ years of experience in governance, risk management, and compliance roles in SaaS environment using Cloud Technologies
• Must have successful completion of a SOC2 Type 2 audit for a company providing SaaS on AWS, GCP, Mobile &/or IoT solutions
• Must have strong knowledge of regulatory requirements and industry standards (e.g., SOC2, ISO 27001, PCI, GDPR,IRAP).
• Experience auditing and applying control processes to networks and applications
• Knowledge of compliance regulations (GDPR, CCPA, etc.) and security frameworks (ISO27001, NIST, SOC2)
• Experience developing corporate security policies, standards, and procedures
• Experience with security and risk management
• Ability to apply knowledge by reading and interpreting regulations to formulate real world controls
• Understanding of cloud environments (GCP, AWS, Azure)
• Strong teamwork and collaboration skills with the ability to work across multiple business units (Engineering, HR, Legal, etc.) with multiple stakeholders to drive remediation of security gaps
• Strong facilitation and presentation skills and experience influencing and presenting at all levels including Senior business executives.
• Excellent written and verbal communication skills
• Strong critical thinking/problem solving skills

Nice To Haves

• Previous consulting, legal, and audit experience is a plus
• Experience in vendor management is a plus
• Understanding of solution delivery lifecycle and architecture is a plus
• Industry recognized certifications in security is a plus (CRISC, GRCP, CGEIT, ITIL, CISSP, CISM, CISA)

Responsibilities

• Establish and maintain Exabeam’s governance, risk, compliance, and security awareness programs
• Work with key stakeholders to ensure compliance with various regulations, such as the Global Data Protection Regulation (GDPR)
• Maintain or develop Exabeam’s various compliance certifications, such as TRUSTe, Privacy Shield, SOC2, ISO27001, FedRamp, HIPAA, PCI, and CCPA
• Develop and maintain corporate policies, standards, and procedures in alignment with ISO27001, NIST, and SOC2 frameworks and controls
• Ensure business units are in compliance with all policies, standards, and procedures
• Prioritize and drive remediation of security gaps; across all departments
• Monitor and report on the compliance and risk landscape of the company
• Liaison for completion of third-party risk questionnaires, contracts, and management of our response database
• Work closely with other team members in completing cross functional projects and ensuring that other teams are accountable to governance, risk, and compliance regulations
• Define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements
• Create and manage the education and awareness programs; content, delivery, compliance, phishing and other testing, etc.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies
• Participate in risk remediation efforts across business units
• Manage vendors and third party risk
• Establish processes to review implementation of new technologies to ensure security compliance

Benefits

• Extensive medical, dental and vision coverage to meet your healthcare needs and employer Health Savings Account contribution to help pay for health expenses now or in the future
• Generous 401(k) employer match to help you save for your future
• Paid Time off including “take what you need” flex time, volunteer day of service, your birthday, parental leave, holidays and more
• Widespread learning center for career planning and skill development to grow your career
• A culture of passionate, diverse, committed professionals