Responsibilities
- Partner with teams across Security, IT, Engineering, Product, and Legal to advise on the design, effectiveness, and automation of security controls.
- Design, develop, and sustain tools for testing and ongoing monitoring of security controls across platforms such as AWS and GitHub.
- Own and advance the roadmap for continuous compliance across corporate, IT, and product systems with a focus on expanding automated coverage.
- Support the creation and upkeep of organization-wide security policies, procedures, and plans, and help communicate compliance best practices to internal teams.
- Report on progress, critical issues, and resolutions to leadership and relevant team members.
- Develop clear procedural documentation, including training resources and process guides.
- Engage with employees at all levels to support program execution and advance governance, risk, and compliance objectives.
- Lead the creation and monitoring of corrective action plans in response to security compliance findings.
- Execute yearly risk assessments and develop corresponding risk mitigation strategies.
- Evaluate third-party vendors’ security posture through security assessments for both new and existing suppliers.
- Oversee the security exception management process, including tracking, approvals, and automation improvements.
- Support the assurance component of GRCA to validate control effectiveness.
- Maintain and update responses to customer security questionnaires in a centralized FAQ format.
- Collaborate on business impact analyses and contribute to annual business continuity and disaster recovery planning.
- Apply artificial intelligence and automated solutions to enhance the scalability of GRCA operations.
- Coordinate with internal and external auditors to support compliance validation and maintain continuous control adherence.
Work Arrangement
On-site
Other
Must be willing and able to work onsite five days per week