Address
Form of work
SalaryJoin a team that's making an IMPACT
Lumivero offers custom-built software solutions that allow users to leverage tools to answer the important questions they are working to decode. We bring trusted research, decision-making, and organizational tools together that enable professionals to do their work efficiently and productively and to make decisions more confidently. With a focus on transforming data, empowering real-time collaboration, and creating impactful insights, Lumivero creates a central data landscape across which its users can identify patterns and trends on which they can take decisive action.
We're looking for an experienced Governance, Risk, and Compliance (GRC) Manager to join our team! The GRC Manager will lead Lumivero's technology risk management program. They will own our response to cybersecurity issues, ensure regulatory alignment with data privacy and and information security standards, and foster a company culture or proactive risk management.Our ideal candidate has experience in supporting cybersecurity, risk management, and Compliance in the SaaS space. They must be an effective collaborator who can communicate easily across the organizition, able to adapt to technical acumen of their audience. This person should be experienced with third party audit projects in a cloud-centric environment, particularly SOC 2. We're also looking for someone who can think strategically and drive a company culture dedicated to effective risk management and cybersecurity.
This role is full-time, Exempt, and fully remote in the USA. It reports to the Vice President, Enterprise IT and Applications.
Responsibilities
- Lead the Lumivero technology risk management program, providing risk oversight to the Lumivero DevOps, R&D, IT and HR teams.
- Own the organization's response to cybersecurity issues identified through various inputs, including, but not limited to, control gaps, external and internal audits, and incidents.
- Coordinate Lumivero’s collective responses to customer information security questions and requests.
- Provide strategic guidance to information-security stakeholders, fostering a culture of proactive risk management, sound decision-making, and critical-issues management planning.
- Manage and own all remediation and report on the progress of finding closure activities.
- Lead risk management initiatives to ensure regulatory alignment to SOC 2, HIPAA, TX RAMP, and other data-privacy and information-security standards.
- Implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data.
- Partner and engage with departments across the organization, including CISO, IT, R&D, Legal, HR, Accounting and Finance, educating and advocating for compliance considerations and adherence to internal policies.
- Make an impact on the organization’s security program and services through experience with various cybersecurity concepts and frameworks including data governance, risk management, metrics, audit, policy, and standards development.
- Act as liaison with internal and external auditors for regulatory audits/assessments, facilitating meetings, walkthroughs, and discussion of remediation activities for identified deficiencies.
- Support in the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with IT and cybersecurity policies/standards.
- Maintain our security and Compliance trust management platform, Vanta.
- 5+ years of IT audit and Compliance programs experience in a global organization with in-depth knowledge and experience of cybersecurity frameworks such as ISO 27001, SOC 2, NIST CSF, and other regulatory requirements.
- Experience in supporting third-party audit projects in a cloud-centric environment, with a strong aptitude to understand emerging technologies to assure regulatory and Compliance requirements are met.
- Experience collaborating closely with security partners, including incident response, architects and engineers to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations.
- Excellent written communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation and effectiveness of cybersecurity controls with product and business leaders.
- Ability to communicate with all levels of the organization from C level executives to individual contributors.
- Strong project management skills with the ability to lead and execute security assessment projects and initiatives on time with multiple stakeholders.
- Relevant industry certifications (i.e. CISM, CISA, CISSP, CFE)
Salary
- $105,000 - $120,000 a year, depending on experience.
- This role is eligible for an annual performance bonus.
Benefits
We’re committed to making a positive impact on our employees by cultivating an engaging, satisfying, and rewarding workplace. This includes providing a robust benefits portfolio and other perks that support your career goals as well as your health and well-being.
- Remote-first working opportunities.
- 401(k) with a generous match.
- Flexible time off.
- Generous parental and family leave.
- Professional development opportunities, training, and support.
- Comprehensive health insurance plans.
All these benefits help us empower each person to IMPACT our products, our customers, and our world.
Creating insights is the core of everything we do.
At Lumivero, our mission is to enable customers to organize, analyze and report on data to gain compelling new insights that spark action. Lumivero leverages the combined capabilities of leading data software solution providers, QSR International, Palisade, Tevera and Addinsoft, to empower customers in business and academia to make an impact like never before.
Lumivero team members are operating across five continents in a remote-first work environment. This global commitment helps us to continuing to keep our users our top priority, and positions us to provide better experiences, better support, and better products with global impact.
caIKCJjhw5
