Compliance Manager - Governance and Risk

Sorry, this job was removed at 8:50 a.m. (CST) on Thursday, November 21, 2019

SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations. Our award-winning solutions proactively defeat fraud attempts and disrupt the criminals' ability to profit from stolen information.

Our security team is looking for a Governance Risk & Compliance Manager. We are looking for a creative, diligent, technical, and experienced IT compliance and security risk professional with a background in SOX/SOC controls implementation, regulatory controls requirements, process improvement, and security risk analysis to join our team.

Responsibilities

  • Evaluate and maintain procedures and controls for SpyCloud systems (internally developed and third-party).

  • Help define SpyCloud’s GDPR, data handling, data protection, and privacy standards.

  • Help define the direction and the selection of a control framework (CIS 20, SOC 2).

  • Collaborate with partners across the business (Finance, Accounting, Security, Engineering, etc.) to track remediation of controls and security control gaps.

  • Conduct self-assessments/audits to confirm SpyCloud adherence to internal policies, compliance goals, and industry best practices.

  • Help support external audits of our and control environments.

  • Develop workflow to address customer questionnaires and SpyCloud’s overall response strategy.

  • Perform detailed control testing for in-scope systems. Document and communicate findings with the GRC team and, where necessary, process owners.

  • Assist with security and enterprise risk assessments across the organization.

  • Partner with Security Engineering to formally document security policies and procedures.

  • Conduct vendor security risk assessments for any third-party SaaS software solutions being considered for use. Provide feedback to the key stakeholders based on the assessment and a recommendation to move forward or disengage.

  • Grow and establish the GRC function at SpyCloud through collaboration with Engineering teams and cross-functional partnerships with Finance, Accounting, Legal, Product, and Research.

  • Track project status and communicate roadblocks with proposed solutions.

Qualifications

  • 2+ years relevant experience in an IT audit/compliance/risk management role

  • Experience with IT controls implementation in the context of SOX and SOC 2/3

  • Experience working in a full Linux environment, Git, and CI/CD

  • PCI controls implementation & SAQ experience is a plus

  • Experience identifying, tracking, reporting and remediating IT procedural and technical risk

  • Working knowledge of web-based technologies and cloud environments is a plus

  • Big-4 is preferred

  • CISA certification (or at a minimum, successful completion of the CISA examination) is strongly preferred

 


Location

Our HQ is classic Austin: a historic theater on South Congress. Walk to local restaurants and shopping, or grab an easy scooter ride to downtown.
