GRC Operations, Sr Analyst (New York, NY)
Our GRC team is growing & we're looking for a talented technology audit, compliance, & risk professional to join the team!
The Squarespace GRC team's initiatives have wide-ranging visibility & provide a unique opportunity to actively partner with departments across the organization. The GRC Operations role complements the GRC Implementation & Analysis team. GRC Operations focuses primarily on developing ongoing audit/monitoring plans for the controls in place throughout our Engineering department. Specifically, the GRC Operations function will be involved in the evaluation of internal control design & operating effectiveness to ensure compliance with security, privacy, & financial reporting programs. In addition to a strong partnership with GRC & Engineering team members, the GRC Ops role will also liaise with teams across the organization (Internal Controls, Finance, Security Engineering) in order to execute technical audits that address the organization's current needs. Additionally, the GRC Ops role will be involved with the vendor risk management & enterprise security questionnaire processes.
You will report to the Director of GRC & will work closely with them to develop a roadmap for the growth of this function. This role will be based remotely until we return to the NYC office on June 1st, 2021.
- Assist with ongoing maintenance of information security policies.
- Conduct regular self-assessments/audits throughout engineering to confirm adherence to company policy.
- Work closely with engineering teams to understand & document the controls within their particular environment(s).
- Develop roadmaps that outline audit approaches & plans for each quarter.
- Clearly document & communicate the results of audits along with control and/or process improvement recommendations.
- Liaise with Finance, Accounting, & Internal Controls teams to understand business processes & assist with IT controls development & implementation.
- Display in-depth & working knowledge of regulatory & compliance reporting & frameworks such as SOX, SOC 1, SOC 2, PCI & ISO27001.
- Work closely with the Security Engineering team to understand their audit needs & build those needs into quarterly roadmaps.
- Provide regular status updates to the Director of GRC & proactively communicate delays in work as they occur.
- Co-manage the vendor security risk management process at Squarespace, with the potential of owning the function in its entirety.
- Co-manage the enterprise customer security questionnaire process at Squarespace, with the potential of owning the function in its entirety.
- Work closely with the Data Privacy team at Squarespace to develop audit & monitoring activities for controls related to GDPR, CCPA, etc.
- Partner with external audit firms on audit & compliance initiatives.
- Roles at this level require a university/college degree.
- 5+ years relevant experience in an IT audit/compliance/risk management role.
- Must have experience in controls testing in line with SOX & SOC 1/2/3 frameworks.
- Proven ability to lead & project manage all phases of audit, including planning, execution, & reporting.
- Familiarity with coordinating across departments (Internal Controls, Finance, Accounting, People).
- Ability to effectively communicate audit findings & recommendations to stakeholders.
- Experience in assisting in the implementation of an IT internal audit function is a plus.
- Data privacy experience is a plus.
- Experience with technical security audits is a major plus.
- Should have experience with identifying, tracking, reporting & remediating IT procedural & technical risk.
- Working knowledge of web-based technologies & cloud environments is desired to achieve success in this role.
- Big-4 experience is a plus.
- CISA or CISSP certification is strongly preferred.
Squarespace makes beautiful products to help people with creative ideas succeed. By blending elegant design & sophisticated engineering, we empower millions of people, from individuals & local artists to entrepreneurs shaping the world's most iconic businesses, to share their stories with the world. Squarespace's team of more than 1,200 is headquartered in downtown New York City, with offices in Dublin & Portland. For more information, visit www.squarespace.com/about.
Benefits & Perks
- Health insurance with 100% premium covered for you & your dependent children
- Flexible vacation & paid time off
- Up to 20 weeks of paid family leave
- Equity plan for all employees
- Retirement benefits with employer match
- Fertility & adoption benefits
- Free lunch & snacks at all offices
- Education reimbursement
- Dog-friendly workplace in New York office
- Commuter benefit in the form of reduced tax (Ireland) & pretax (US)
Today, more than a million people around the globe use Squarespace to share different perspectives & experiences with the world. Not only do we embrace & celebrate the diversity of our customer base, but we also strive for the same in our employees. At Squarespace, we are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity or expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or other class protected by applicable law. We are proud to be an equal opportunity workplace.