Senior Manager, Data Governance and Information Security
BigCommerce is disrupting the e-commerce industry as the SaaS leader for fast-growing, mid-market businesses. We enable our customers to build intuitive and engaging stores to support every stage of their growth.
More than 60,000 merchants rely on BigCommerce to secure billions in annual online sales. We are seeking a Manager, Data Governance and Information Security who wants to empower innovators, creative thinkers, entrepreneurs and business owners around the world to be successful at each stage of their business.
You’ll be solving interesting compliance challenges in a complex SaaS environment, where you will help us drive toward a stronger, compliant, and secure solution overall.
What you’ll do
- Provide vision, leadership, and management to the Governance Risk and Compliance team, developing and setting the team strategy in alignment with BC’s overall business strategy.
- Establish strong, productive relationships with stakeholders across functions and across the globe to lead collaboration when developing compliance and information security solutions.
- Provide privacy and data security leadership and guidance to cross-functional colleagues, including infosec, commercial, procurement, product, and engineering teams.
- Remain up-to-date on relevant consumer protection, privacy and data security laws and regulations, as well as on technological developments, threat vectors, and evolving industry standards to ensure an ongoing ability to build sound compliance policies and procedures, and enable compliance throughout the organization.
- Establish and maintain oversight of the BC information security governance and compliance program.
- Assess and improve compliance programs across the business.
- Establish an enterprise-wide view of gaps, ensure on-time and continuous visibility to critical business stakeholders, and continuously improve overall risk response strategies.
- Streamline compliance programs across the enterprise to gain efficiencies to meet current and future business needs within the organization.
- Ensure policies and standards meet our required standards for ISO 27001, PCI DSS and future compliance programs.
- Lead business units in developing and adhering to regulatory compliance requirements in association with the global compliance policy.
- Lead stakeholders across functions and across the globe in the development of global information security programs.
Who you are:
- Undergraduate degree or equivalent experience.
- Experience as a PCI-DSS QSA or ISA, or holding equivalent information security audit credentials.
- Experience providing pragmatic and actionable advice to clients on various legal risks and obligations under privacy and data security laws in the U.S., Canada, and Europe (including Privacy Shield and GDPR).
- Experience with APAC privacy and data security laws a plus.
- IAPP CIPP/E certification.
- Experience with SOC and SOX audits.
- Minimum 7 years' experience in a GRC role; the ideal candidate will have at least 11 years.
- Minimum 3 years' experience directly managing a Compliance team; the ideal candidate will have at least 5 years.
- Demonstrated success in both leading and serving on cross-functional teams driving a single outcome.
- Experience providing leadership across global teams, and in successfully influencing outcomes where no formal leadership structure exists.
- Have an excellent ability to communicate and to coordinate.
- Will speak up with productive feedback when something just doesn’t feel right.
- A deep understanding of corporate governance, policies, and procedures.
- Strong program management skills with experience in managing complex projects with multiple stakeholders.
Diversity & Inclusion at BigCommerce
We have the opportunity to build not only a great business, but a great company, with soul. Our beliefs and commitment to diversity and inclusion are a central part of achieving that.
Our dedication to diversity and inclusion is grounded in two things: a moral belief in the dignity, value, and potential of every individual, and a practical belief that diverse, inclusive teams will create the best outcomes for our customers, partners, employees, and company. We welcome everyone to be a part of our journey.