Responsibilities
- Own, manage and be accountable for supporting our revenue team on customer security reviews, covering net new deals as well as renewals and RFIs.
- Build automation into GRC
- Deploy GRC-as-Code / Policy-as-Code
- Deploy AI into our GRC processes where appropriate
- Lead and build a high performing team
- Manage our public trust center.
- Maintain a high level of customer service for both internal and external stakeholders and customers.
- Lead our annual external audits such as SOC2, ISO 27001, ISO 27701, CJIS, FedRAMP and others and serve as primary point of contact for external auditors.
- Lead our internal audits
- Lead and manage vendor security reviews for our entire supply chain
- Lead cyber risk management for the business and oversee the cybersecurity risk register.
- Draft and manage all cybersecurity related policies, procedures, and standards.
- Partner closely with Product Security & Privacy, Engineering and Product teams to conduct privacy threat modeling
- Define and track key performance indicators (KPIs) and key risk indicators (KRIs) from engineering and cloud telemetry data to provide measurable, risk-based insights to leadership
- Lead and maintain compliance with NCIC (National Crime Information Center) requirements, ensuring proper access controls, auditability, training, and operational alignment with applicable criminal justice information standards.
Requirements
- 5+ years of people leadership experience
- 10+ years general GRC experience
- Ability to delegate and dive deep with your team to solve problems quickly
- Define and execute the multi-year vision, strategy, and roadmap for the GRC Engineering function, aligning it with overall business objectives and the security program's evolution.
- Mentor and coach team members, fostering a culture of continuous learning, automation-first thinking, and professional growth in both GRC and technical engineering skills.
- Manage the GRC Engineering budget, external vendor relationships, and resource allocation to ensure optimal efficiency and effectiveness of the compliance program.
- Drive a proactive, security-minded, and compliance-aware culture across the entire engineering and product organization.
- Strong experience in reviewing and redlining contracts
- Ability to strike a balance between customer requirements and organizational risk when considering contracting
- Strong negotiation skills when managing vendor and supply chain risks
- Proven ability to build business-centric Third Party Risk programs
- Experience with and deep knowledge of CJIS Security Policy or NIST 800-53
- Experience and knowledge of HIPAA, GDPR, CCPA, LINDDUN
- Understanding of product development, SDLC and CI/CD
- Deep knowledge of AWS
- Familiarity with tools like Terraform or CloudFormation for managing and auditing infrastructure configuration as code.
- Experience integrating GRC processes with vulnerability management and security configuration tools to track remediation and ensure control coverage.
- Strong communication and diplomatic skills in building consensus from dispersed teams with competing priorities.
Work Arrangement
Hybrid
Additional Information
- If an offer is extended and accepted, this position requires the ability to obtain and maintain Criminal Justice Information Services (CJIS) certification as a condition of employment. Applicants must meet all FBI CJIS Security Policy requirements, including a fingerprint-based background check.