Compliance Manager - Governance and Risk
SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations. Our award-winning solutions proactively defeat fraud attempts and disrupt the criminals' ability to profit from stolen information.
Our security team is looking for a Governance, Risk & Compliance Manager. We are looking for a creative, diligent, technical, and experienced IT compliance and security risk professional with a background in SOX/SOC controls implementation, regulatory controls requirements, process improvement, and security risk analysis to join our team.
Responsibilities
Evaluate and maintain procedures and controls for SpyCloud systems (internally developed and third-party).
Help define SpyCloud’s GDPR, data handling, data protection, and privacy standards.
Help define the direction and the selection of a control framework (CIS 20, SOC 2).
Collaborate with partners across the business (Finance, Accounting, Security, Engineering, etc.) to track remediation of controls and security control gaps.
Conduct self-assessments/audits to confirm SpyCloud adherence to internal policies, compliance goals, and industry best practices.
Help support external audits of our control environments.
Develop workflow to address customer questionnaires and SpyCloud’s overall response strategy.
Perform detailed control testing for in-scope systems. Document and communicate findings with the GRC team and, where necessary, process owners.
Assist with security and enterprise risk assessments across the organization.
Partner with Security Engineering to formally document security policies and procedures.
Conduct vendor security risk assessments for any third-party SaaS software solutions being considered for use. Provide feedback to the key stakeholders based on the assessment and a recommendation to move forward or disengage.
Grow and establish the GRC function at SpyCloud through collaboration with Engineering teams and cross-functional partnerships with Finance, Accounting, Legal, Product, and Research.
Track project status and communicate roadblocks with proposed solutions.
Qualifications
2+ years relevant experience in an IT audit/compliance/risk management role
Experience with IT controls implementation in the context of SOX and SOC 2/3
Experience working in a full Linux environment, Git, and CI/CD
PCI controls implementation & SAQ experience is a plus
Experience identifying, tracking, reporting and remediating IT procedural and technical risk
Working knowledge of web-based technologies and cloud environments is a plus
Big-4 experience is preferred
CISA certification (or at a minimum, successful completion of the CISA examination) is strongly preferred