
Pindrop has an exciting opportunity for a GRC Lead to create & manage an enterprise wide GRC program. This role will be responsible for enhancing, maturing & managing programs addressing the following areas: Policy, Compliance, Security Awareness, Information Security Risk Management, Business Resiliency, Data Protection, & Vendor Risk Management. Yes, this is a lot of responsibility; we are a small company that is targeting the security program maturity of a Fortune 100 company. We run lean & wear a lot of hats.

We are looking for someone with strong hands-on experience in policy, risk & compliance to varied security standards & frameworks who is looking to own a lot of responsibility & make a big impact in a dynamic environment.

What you'll do

  • Serving as the thought leader on policy & controls to provide security guidance to internal departments & our product teams
  • Collaborating with engineering, operations, legal, etc. to ensure the security of our products, services, & corporate environment
  • Raising security awareness across the enterprise
  • Measuring, managing & reporting on risk
  • Engaging leadership across Pindrop to maintain awareness of projects & initiatives that require security & privacy assessment & direction
  • Maintaining enterprise compliance to major regulations & standards (e.g., PCI, SOC2, ISO 27001/2, HIPAA) through both assessment & management of remediation of controls
  • Managing a holistic data protection program to ensure the confidentiality, integrity & availability of our sensitive data
  • Collaborating with procurement, contracting & business units to perform security assessments of our critical partners
  • Serving as a risk advisor & consultant to Pindrop departments by providing recommendations on risk mitigation & security controls to reduce risk

Who you are

  • Accountable & empowered risk professional
  • Curious & always looking to learn
  • Highly interested in how things work
  • Excited by control frameworks & risk models
  • Strong communication skills whether talking to executives or software engineers
  • At least 5 years of professional risk, audit, and/or compliance experience including 3+ years in information security, information security risk & risk frameworks, IT/security governance, audit, and/or compliance function
  • Experience with control frameworks such as ISO 2700x, PCI DSS, SOC2, HIPAA, NIST, & privacy law
  • Demonstrated ability to develop & manage security policies, standards, guidelines & procedures
  • Demonstrated capability to learn & adapt to new situations & requirements in a dynamic environment
  • Demonstrated experience driving risk-based decisions that support business owner expectations & needs
  • Experience working across business lines to engage team members
  • Hands-on experience driving security awareness programs & content
  • Networking experience, including TCP/IP, routing, switching preferred
  • Working knowledge of Linux & security procedures & controls for Linux preferred
  • Experience with Amazon AWS, EC2, S3 & other cloud platforms preferred
  • Application architecture & software development experience preferred
  • Experience in a DevOps/Agile environment preferred
  • Bachelor's degree or equivalent in Business, Computer Science or a related field
  • At least one certification such as CISSP, CISM, and/or CISA preferred