Our GRC team is seeking forward-thinking, creative, technical, & talented IT compliance & security risk professionals with a strong background in regulatory controls requirements, process improvement, controls implementation, & security risk analysis.
- Evaluate, develop, manage & maintain ITGC policies, procedures, & controls for Squarespace systems (internally developed & vendor provided).
- Actively work with stakeholders across the business (Finance, Accounting, Internal Controls, Engineering, etc.) to identify, document, & track remediation of ITGC & security control gaps.
- Conduct periodic self-assessments of Squarespace's adherence to internal policies, compliance reporting objectives & industry best practices.
- Work closely with the Squarespace Internal Controls team & external auditors.
- Communicate policy & procedure requirements to stakeholders.
- Leverage knowledge of published risk & control frameworks (ISO, NIST, CIS, SOC, etc.) to develop a customized security risk & control framework for Squarespace based on the company's risk profile.
- Conduct security risk assessments across the organization, rank security risks, articulate risk in terms of business impact, & suggest reasonable strategies to mitigate risks.
- Work closely with Squarespace Security Engineering teams to automate control processes & integrate the process side of security with the technical side of security.
- Apply technical knowledge of Linux & access control by configuring & managing auditd access monitoring & accounting rules.
- Formally document & develop security policies (outside the scope of ITGC policies) & procedures.
- Conduct vendor security risk assessments, provide risk-based recommendations to the organization, & evaluate the company's third-party risk posture.
- Grow & establish the GRC group within Squarespace & contribute to the GRC community through participation in conferences & sharing knowledge & approaches developed through our work at Squarespace.
- Actively track project status & proactively communicate roadblocks.
- Experience with IT controls implementation in the context of SOX & SOC 2/3
- Data analytics background utilizing NoSQL, SQL, and/or Python is strongly preferred
- Experience working in a full Linux environment, Git, & CI/CD
- Self-motivated & capable of coaching/mentoring staff as the team grows in size
- PCI controls implementation, SAQ, & RoC experience is a plus
- Experience identifying, tracking, reporting & remediating IT procedural & technical risk
- Working knowledge of web-based technologies & cloud environments is desired to achieve success in this role
- Big-4 experience is preferred
- CISA and/or CRISC certification is strongly preferred
Squarespace makes beautiful products to help people with creative ideas succeed. By blending elegant design & sophisticated engineering, we empower millions of people, from individuals & local artists to entrepreneurs shaping the world's most iconic businesses, to share their stories with the world. Squarespace's team of more than 800 is headquartered in downtown New York City, with offices in Dublin & Portland. For more information, visit www.squarespace.com/about.
- Health insurance with 100% premium covered
- Flexible vacation & paid time off
- Up to 18 weeks of parental leave
- Equity plan
- 401(k) plan with employer match
- Free lunch & snacks
- Squarespace sends engineers to speak at & attend the most relevant & impactful conferences throughout the year
- Dog-friendly workplace
- Gender Affirmation Surgery
- Education reimbursement
Today, more than a million people around the globe use Squarespace to share different perspectives & experiences with the world. Not only do we embrace & celebrate the diversity of our customer base, but we also strive for the same in our employees. At Squarespace, we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.