Key responsibilities:
- Examine, evaluate, and document internal controls based on various security standards (NIST CSF, SOC2, ISO-27001, etc.)
- Lead IT-related audits and examinations conducted by external parties
- Align policies, standards and procedures with compliance objectives
- Prepare metrics and reports for management on the status of GRC objectives
- Evaluate and respond to customer/prospect questions and audits
- Assist in aligning compliance reports and the public-facing Trust Page to reduce the overall number of customer requests
- Remain up to date on current security laws, regulations and standards
- Represent the GRC Team by participating directly with projects and provide guidance, requirements and documentation for security-related purposes when requested
- Create, evaluate, document and maintain standards, processes and procedures relative to security and privacy
- Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement
- Perform GRC recurring tasks as required
- Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet compliance requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
- Assist in selecting, configuring and/or administering the program via GRC tools
- Prepare, update and maintain customer-facing documentation
- Assist with building and/or testing integrations and automations with SaaS/IaaS platforms to collect evidence for security audits and monitor for security configurations
- Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms
What We’re Looking For
- Degree or equivalent in Computer Science or related field
- 5-8 years of experience in Information Security with a specialization in one area of GRC
- Co-create and help articulate Information Security strategy across the company
- A broad understanding of all security domains, CISSP or similar certification preferred
- Experience working with engineering teams to understand issues and prioritize remediations
- Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
- Demonstrated ability to collaborate effectively across teams
- Familiarity and experience with IT/Security/GRC toolsets, such as Jira, Confluence, Whistic, GRC platforms, risk rating tools, and data collection tools
- Ability to analyze empirical evidence and technical reports, identify root causes, recommend solutions, prioritize projects according to risk and compliance drivers, and drive technical projects through to completion
- Familiarity with different cloud concepts and tooling, including AWS and GCP
- Experience in a remote-first and distributed environment
- Someone willing to adapt to change in a fast moving environment
- Experience with cloud-native pre-IPO startup companies
- Experience with AWS security services and tooling
WHAT WE OFFER:
- The chance to work in a fast-paced start-up environment with experienced industry leaders
- A learning environment where you can dive deep into the latest technologies and make an impact
- Competitive salary and equity
- 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
- 401k (with match), commuter benefits
- Industry-leading parental leave policies
- Generous wellness reimbursement and weekly onsite programs
- Flexible vacation policy – work with your manager to take time off when you need it
- Employee giving match
- Modern office in San Francisco’s Financial District
- Fully-stocked kitchen with organic snacks, beverages, and coffee drinks
- Weekly company meeting – ask me anything style discussion with our Leadership Team
- Team outings to sports games, happy hours, game nights and more!