Address
Form of workThe Governance, Risk and Compliance team is responsible for understanding compliance frameworks relevant to a database-as-a-service for customers in a wide variety of industries, interpreting the frameworks to recommend the best path to implementation, and working across the business to implement and maintain processes and systems supporting GRC programs. The team has a full remit as shown in the responsibilities below. You will have the rare opportunity to be in a hands-on role where you can put your expertise to good use, with plenty of room to expand your knowledge and grow your skills.
Responsibilities
- Work across the company to define and deliver compliance programs, including SOC 2, ISO 27001, PCI, HIPAA, GDPR, FedRAMP, etc.
- Work with engineering to validate compliance-relevant changes, including performing product testing and help draft documentation
- Perform compliance monitoring tasks, including employee security onboarding, performing vendor reviews, responding to customer surveys, and performing quarterly access reviews, ASV scans, and risk assessment refresh
- Coordinate with Operations to support access governance through Okta and Lumos onboarding and configuration
- Coordinate with Marketing and Privacy Legal to support the company's privacy tooling
- Coordinate with Security to maintain corporate security tooling and processes
Requirements
- 7+ years of experience in IT audit, GRC, and/or information security
- One or more of the following certifications CISA, PCIP, CIPP, or equivalent
- Extensive knowledge of security compliance frameworks, including interpretation and implementation
- Hands on experience using and managing GRC and security tools
- Demonstrated problem solving abilities; as shown through outsized accomplishments for the role held
- Understanding of compliance levers in cloud (AWS, GCP, Azure)
- Ability to learn quickly and adapt techniques supporting a startup environment
- Flexibility to pick up additional tasks where needed
- Deep understanding of database technologies is a plus
- Hands on experience coding (scripting, software development) is a plus
Must be a US Citizen (due to working with US government customers) and reside full-time in the United States.
