Governance, Risk, and Compliance (GRC) Program Manager

GRC Program Manager
US Remote
Who we are
As human beings, one of our fundamental identifiers is our voice. Pindrop's advanced voice identity technology recognizes this distinct and unique human quality with the kind of precision and certainty that's needed when information or access is essential. From preventing fraud in call centers to obtaining information from smart devices and even activating cars, Pindrop lets people use their voice to quickly and privately connect to, enter, and unlock their world. At Pindrop, we hire great people and we take care of them. All we do is guided by our Core Values: Audaciously Innovate, Evangelical Customers for Life, Execution Excellence, Win as a Company, Make a Difference.
Headquartered in Atlanta, GA, Pindrop has raised over $223M in capital by premier VCs including Andreessen-Horowitz, IVP, and CapitalG.
This is the technical leadership role for GRC and is the principal owner of all GRC topics. Pindrop offers the unique opportunity to not only help build and scale the GRC program but at the same time learn and grow as a leader. The experience offered by this role is very comprehensive and it is rare for GRC professionals to experience the full range of GRC responsibilities, and have such a significant impact on the program and the company.
What you'll do

• Build and manage the GRC program, projects and initiatives, including security controls, internal audit, metrics, reporting, tracking and effectiveness.
• Serve as the owner on policy and controls to provide GRC guidance to internal departments and our product teams
• Collaborate with engineering, operations, legal, etc. to ensure the security of our products, services, and corporate environment
• Raise security awareness across the enterprise
• Measure, manage and reporting on risk
• Engage leadership across Pindrop to maintain awareness of projects and initiatives that require security and privacy assessment and direction
• Maintain enterprise compliance to major regulations and standards (e.g., PCI, SOC2, HiTrust, ISO 27001/2, HIPAA) through both assessment and management of remediation of controls
• Manage a holistic data protection program to ensure the confidentiality, integrity and availability of our sensitive data
• Collaborate with procurement, contracting and business units to perform security assessments of our critical partners
• Document and report control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
• Implement processes, such as GRC (governance, risk and Compliance), to automate and continuously monitor information security controls, exceptions, risks, testing.
• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process

Who you are

• You are accountable and empowered GRC professional
• You get excited by control frameworks, control implementations, metrics and risk models
• You have strong communication skills whether talking to executives or software engineers
• You are resilient in the face of challenges, change, and ambiguity
• You are optimistic and believe that you can make a problem into a solution
• You are resourceful, excited to uncover innovative solutions and teach yourself something new when needed
• You take accountability, do the things you say you'll do, under-promise and over-deliver
• You are nimble and adaptable when priorities change and continue to see the "forest through the trees"

Your skill-set:

• At least 5 years of program, project and management experience including 3+ years in information security, information security risk and risk frameworks, IT/security governance, audit, and Compliance function
• Proven experience with control frameworks such as ISO 2700x, PCI DSS, SOC2, HiTrust, HIPAA, NIST, and privacy law
• Demonstrated ability to develop and manage security policies, standards, guidelines and procedures
• Demonstrated experience driving information security audits and risk based decisions supporting business owner expectations and needs
• Experience working across business lines to engage team members
• Hands on experience driving security awareness programs and content
• Demonstrated capability to learn and adapt to new situations and requirements in a dynamic environment
• Work independently and prioritize multiple tasks and adapt to needed changes;
• Bachelor's Degree or equivalent in Business, Computer Science or equivalent experience preferred
• At least one certification such as CISSP, CISM, and/or CISA preferred

What's in it for you:
As a Pindropper, you join a rapidly growing company making technology more human with the power of voice. You will work alongside some of the best and brightest (no joke...nearly 1 in 3 Pindrop employees has a Ph.D.). We're a passionate group committed to excellence - but that doesn't stop us from enjoying the journey as a team with chess and poker tournaments, catered lunches and happy hours, wellness programming, and more. Because we take our jobs seriously, we add in time for rest with Unlimited PTO, Focus Thursday, and Company-wide Rest Days.

• Within 30 days you'll

• Complete onboarding and attend New Employee Orientation sessions with other new Pindroppers
• Learning about Pindrop culture, values and teams
• Building relationships with key stakeholders and the team

• Within 60 days you'll

• Learning existing processes, tools and techniques
• Learning best practices based on industry guidelines and comparing with current practices

• Within 90 days you'll

• Defining best practices based on industry guidelines and planning to improve with current practices
• Teach us something new

What we offer
As a part of Pindrop, you'll have a direct impact on our growing list of products and the future of security in the voice-driven economy. We hire great people and take care of them. Here's a snapshot of the benefits we offer:

• Competitive compensation, including equity for all employees
• Unlimited Paid Time Off (PTO)
• Generous health and welfare plans to choose from - including an employer-provided "employee-only" plan!
• Best-in-class Health Savings Account (HSA) employer contribution
• Affordable vision and dental plans for you and your family
• Employer-provided life and disability coverage with additional supplemental options
• Paid Parental Leave - Equal for all parents, including birth, adoptive & foster parents
• One year of diaper delivery for your newest addition to the family! It's our way of welcoming new Pindroplets to the family!
• Remote-first culture with opportunities for in-person team events
• New hire and recurring monthly home office allowance
• When we need a break, we keep it fun with happy hours, ping pong and foosball, drinks and snacks, and monthly massages!
• Remote and in-person team activities (think cheese tastings, chess tournaments, talent shows, murder mysteries, and more!)
• Company holidays
• Annual professional development and learning benefit
• Pick your own Apple MacBook Pro
• Retirement plan with competitive 401(k) match
• Wellness Program including Employee Assistance Program, 24/7 Telemedicine

What we live by
At Pindrop, our Core Values are fundamental beliefs at the center of all we do. They are our guiding principles that dictate our actions and behaviors. Our Values are deeply embedded into our culture in big and small ways and even help us decide right from wrong when the path forward is unclear. At Pindrop, we believe in taking accountability to make decisions and act in a way that reflects who we are. We truly believe making decisions and acting with our Core Values in mind will help us to achieve our goals and keep Pindrop a great place to work:

• Audaciously Innovate - We continue to change the world, and the way people safely engage and interact with technology. As first principle thinkers, we challenge standards, take risks and learn from our mistakes in order to make positive change and continuous improvement. We believe nothing is impossible.
• Evangelical Customers for Life - We delight, inspire and empower customers from day one and for life. We create a partnership and experience that results in a shared passion. We are champions for our customers, and our customers become our champions, creating a universal commitment to one another.
• Execution Excellence - We do what we say and say what we do. We are accountable for making the tough decisions and necessary tradeoffs to deliver quality and effective solutions on time.
• Win as a Company - Every time we win, we win as a company. Every time we lose, we lose as a company. We break down silos, support one another, embrace diversity and celebrate our successes. We are better together.
• Make a Difference - Every day we have the opportunity to make a positive impact. We operate with dedication, passion, and uncompromising integrity, creating a safer, more secure world.

Not sure if this is you?
We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you're not sure if you qualify, apply anyway! We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.
Pindrop is an Equal Opportunity Employer
Here at Pindrop, it is our mission to create and maintain a diverse and inclusive work environment. As an equal opportunity employer, all qualified applicants receive consideration for employment without regard to race, color, age, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, marital and/or veteran status.
#LI-Remote