GRC Leader

GoodLeap

💵 $164k-$204k
📍Remote - United States

Summary

Join GoodLeap's security team as the GRC (Governance, Risk, and Compliance) team lead. Shape the security vision for compliance, governance, and privacy, driving innovation across processes, technology, and people. You will work with diverse technologies and processes, implement predictive compliance controls, and automate privacy processes. Responsibilities include managing compliance programs (SOC2, CCRA, GDPR, ISO27001, SOX-404), partnering with finance and legal teams, leading audits, and building a GRC team. This role requires extensive GRC, audit, and security experience, strong communication skills, and a deep understanding of technology control frameworks. A competitive salary, bonus, and equity are offered.

Requirements

  • Strong communicator who can lead both technical and operational/business discussions and help drive technical, governance, and compliance decisions
  • At least 8 years of proven experience in GRC, internal audit, security, and/or privacy, including significant experience performing and running audits, certification programs, and control assessments: scope planning, defining control procedures from requirements, policies, and standards, control testing, and mapping issues to risks and socializing results
  • Ability to establish credibility and build trust across the organization, particularly with engineers, product managers, and G&A functions; you are confident, without being arrogant
  • Hands-on experience with technology control frameworks, from NIST to SSAE 18 and HITRUST, and with privacy regulations such as GLBA, CCPA, and GDPR, including an understanding of the operational concerns and opportunities associated with these frameworks and regulations
  • A non-dogmatic mindset
  • Excellent understanding of cloud‐based B2B, B2C, and B2B2C environments and the associated technologies and security controls
  • Passionate about learning new things – while you’re not expected to know everything you will face, it is expected that you will learn new things when appropriate
  • Desire and/or ability to write automation scripts to increase operational efficiency and effectiveness of compliance and privacy controls
  • Ability to see the big picture while recognizing the importance of details and making sure the t's are crossed and the i's dotted

Responsibilities

  • Execute, maintain, and improve the technology governance and compliance program, with a focus on automation, control right-sizing, and proactive compliance monitoring/enforcement, i.e., leading rather than lagging compliance controls
  • Own compliance processes for cyber security and privacy (e.g., SOC2, CCRA, GDPR, ISO27001, SOX-404) and drive compliance activities such as SOC2 control operations and testing, third-party risk assessments, etc.
  • Partner with the finance and audit team to define and implement effective, yet practical, ITGCs for in-scope environments
  • Lead and/or coordinate partner and internal/external audits across all functional areas/GoodLeap business units
  • Partner with the legal team to implement and streamline privacy processes and controls
  • Build and lead a GRC team
  • Select, implement, and manage GRC solutions for the organization

Preferred Qualifications

Broad industry experience, inclusive of Big 4 and in-house compliance/oversight roles, is a significant plus

Benefits

  • $164,000 - $204,000 a year
  • Bonus
  • Equity
