Program Manager, Governance, Risk & Compliance
Outreach
This job is no longer accepting applications
Your Daily Adventures Will Include
- Driving the Outreach Information Security Management System (ISMS) governance, risk and compliance activities.
- Contributing to our GRC strategy to keep pace with Outreach’s rapid growth while reducing audit impact on operational and engineering teams.
- Developing and evolving information security policy and helping educate teams about their responsibilities and obligations.
- Translating key internal, industry and regulatory obligations, including ISO 27001, SOC 2 and HIPAA, into appropriate administrative and technical controls available to control owners.
- Working with control owners to ensure effective and efficient control monitoring, as well as appropriate visibility of control activity.
- Reviewing the operating effectiveness of current controls and developing a program of continual optimization based on feedback from both the ISMS and operational teams.
- Extending the control framework to leverage commonalities between multiple assessments and improve the overall efficiency of the Outreach audit program.
- Leading internal teams through the preparation for and successful completion of a variety of key industry and regulatory audits from audit readiness through final assessment including remediation activities.
- Coordinating key internal, industry and regulatory audits including ISO 27001, SOC 2, TRUSTe, and others.
- Ensuring all in-scope functions and teams are prepared for audits.
- Managing auditor relationships.
- Incorporating audit findings and recommendations into Information Security Management System (ISMS) and Control Framework programs.
- Training and communicating responsibilities to control performers including the mapping, review and feedback of controls to specific audit requirements.
- Reviewing audit evidence and any findings to assess and improve control effectiveness.
- Working with Outreach management teams and engineers to identify and capture security risks and collaborate with risk owners to identify and put effective mitigations and remediations into place.
- Organizing and presenting security risks to appropriate teams and managing risk treatment plans from creation through implementation.
- Ensuring cross-company support for all aspects of security by establishing partnerships with other Outreach teams, with the overarching goal of improving trust in Outreach and its products.
- Leading risk assessments to help drive the risk program toward reducing risk throughout the company.
Basic Qualifications
- 4+ years of building and managing compliance programs including risk management, policy definition, and control design.
- Bachelor’s degree.
- Hands-on experience managing external auditors and on-site audits including proven experience passing ISO 27001, SOC 2 Type II and HIPAA audits.
- Experience in establishing and maintaining compliance in AWS and cloud environments.
- Technical familiarity with network, database and application security.
- Thorough understanding of the latest regulatory requirements and associated security principles.
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols.
- Problem solving skills and ability to work under pressure.
Preferred Qualifications
- Experience using ServiceNow.
- A minimum of 3 years of experience in the technical interpretation and practical application of an information security program specifically in governance, risk, and compliance.
- Extensive information security auditing and compliance experience.
- Experience authoring and managing information security policies and standards.
- Experience managing a security risk program including the collection and identification of security risks and associated risk treatment plans.
- Strong project management experience.
- Direct experience interpreting industry and regulatory security requirements and authoring supporting controls.
- Direct experience with compliance frameworks, including ISO 27001 and SOC 2.
- Experience working as, or with, auditors through complex audits.
- Have a history of successful cross-organizational efforts.
- Ability to analyze problems and make appropriate decisions quickly.
- Ability to drive large, complex programs and solutions.
- Experience managing multiple external vendors across broad and complex work engagements.
- Experience driving the development of GRC program strategies, performance metrics, and articulating the business value and costs.
- Excellent interpersonal and management skills.
- Strong written and verbal communication skills.
- Ability to work flexibly and independently to achieve results within the dynamic Outreach culture.
- Ability to maintain extreme confidentiality.
- Experience with SOX ITGC (IT general) controls.