ButterflyMX is hiring a
Cybersecurity GRC Manager

ButterflyMX

💵 ~$130k-$150k
📍 Remote - United States

Summary

ButterflyMX is seeking an experienced Compliance Manager to oversee its Governance, Risk, and Compliance (GRC) programs. The role involves managing daily compliance operations, conducting assessments and audits, identifying and mitigating risks, developing policies, delivering training, managing incidents, reporting, collaborating with various departments, and continuously improving the GRC framework.

Requirements

  • 5+ years of experience in governance, risk management, and compliance roles at a startup company using cloud technologies
  • Successful completion of a SOC2 Type 2 audit for a startup company providing SaaS on AWS, mobile, and/or IoT solutions
  • Strong knowledge of regulatory requirements and industry standards (e.g., SOC2, ISO 27001, SOX, GDPR)
  • Experience managing GRC with a modern tech stack including AWS, Google Workspace, GitHub, Jira, Windows, Linux, Kubernetes, Terraform
  • Proven experience in developing and implementing GRC frameworks and programs
  • Analytical mindset with the ability to assess and prioritize risks
  • Excellent communication skills, with the ability to influence and educate stakeholders at all levels of the organization
  • Proactive and strategic thinker with strong problem-solving skills
  • Certifications: Relevant certifications such as CISSP, CISA, CISM
  • Experience with GRC tools and platforms such as Drata, Vanta, or something similar
  • Experience managing third-party risk

Responsibilities

  • Oversee compliance programs to ensure adherence to relevant laws, regulations, and industry standards
  • Manage internal and external audits, and ensure findings are addressed
  • Identify, assess, and prioritize risks to the organization, and implement risk mitigation strategies across all business units
  • Develop and maintain governance frameworks that support business objectives while ensuring compliance with internal policies and external regulations
  • Create, update, and enforce policies and procedures related to governance, risk, and compliance to maintain a robust control environment
  • Develop and deliver training programs to educate employees on GRC principles, policies, and best practices
  • Lead the response to compliance-related incidents, including investigations, remediation, and reporting
  • Prepare regular reports for senior management and the board on the status of GRC initiatives, risk assessments, and compliance audits
  • Work closely with legal, finance, IT, and other departments to integrate GRC practices into all aspects of the business
  • Continuously monitor and improve the GRC framework to adapt to changes in the business environment, regulations, and emerging risks

Preferred Qualifications

  • Implementation of a cyber risk quantification program

Benefits

  • Comprehensive Medical (ButterflyMX covers 90% of the cost) starting day 1
  • Dental and Vision plans (ButterflyMX covers 100% of the cost) starting day 1
  • 401(k) plan with a match
  • 13 paid holidays and 25 days of PTO
  • Paid Family Leave
  • Employee Assistance Program
  • Quarterly self-care stipends
  • HealthAdvocacy Program
  • Access to optional benefits, including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Disability, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance
  • Collaborative, dynamic work environment filled with kind, intelligent people who are working hard on an industry-defining product
This job is filled or no longer available
