Company: Domo

Address: American Fork, UT
Form of work: Full-Time
Category: Information Technology

Job description

 

COMPANY OVERVIEW:

Domo is a cloud-native data experiences innovator that puts data to work for everyone. Underpinned by AI, data science, and a secure data foundation, our platform makes data actionable with user-friendly dashboards and apps. With Domo, companies get intuitive, agile data experiences that power exponential business impact.

POSITION SUMMARY:

The Senior Manager, GRC is a key member of Domo's Information Security, Risk and Compliance team, responsible for evaluating and supporting initiatives covering information security, policy, risk management, data classification, vendor management, privacy, audit, and awareness. This position assists and leads other members of the Information Security and Compliance team in identifying and assessing potential information security risks, recommending mitigations, and helping the risk owners drive the implementation of mitigations to reduce the risk to an acceptable level. In addition, this position assists with performing security assessments and monitoring and tracking compliance status; developing and improving processes, procedures, standards and guidance; providing guidance on security control implementation; and defining and implementing process improvement and maturity initiatives. The position will also be responsible for assisting in developing policies and procedures and evaluating risks and controls to support the company's ISO 27001, ISO 27018, SOC 1, SOC 2, HIPAA, HITRUST and other regulatory and compliance initiatives. Success in this role requires a good understanding of information security best practices, strong security knowledge, the ability to understand and communicate risk and controls, organization and planning skills, and good communication and writing skills.

KEY RESPONSIBILITIES:

  • Lead and manage the Governance, Risk, and Compliance (GRC) program, ensuring alignment with industry standards and regulatory requirements;
  • Support and oversee compliance efforts for SOC 1, SOC 2, ISO 27001, ISO 27018, HITRUST, HIPAA, and optionally FedRAMP;
  • Manage global teams, providing leadership, guidance, and mentorship to ensure effective execution of security compliance initiatives;
  • Collaborate with the Sales organization to address customer inquiries and concerns related to security and compliance;
  • Drive the Third-Party Security Risk Management program, including vendor/partner assessments, audits, and ongoing monitoring;
  • Lead internal initiatives to enhance our cybersecurity posture, including risk assessments, security awareness training, and incident response planning;
  • Design and implement security solutions and controls across the board, with a particular focus on Identity and Access Management (IAM), Secure Software Development Life Cycle (SDLC), and Security Awareness;
  • Utilize expertise in Cloud platforms like AWS and Azure to ensure secure configurations and implementations;
  • Leverage Cloud Security Posture Management (CSPM) tools to enhance security and compliance in cloud environments;
  • Develop and maintain relationships with external auditors, regulators, and industry partners to stay abreast of evolving compliance requirements and best practices;
  • Gather relevant information from internal and external assessments and/or audits of information technology systems and processes, interpret results, and develop and communicate recommendations to management;
  • Lead the risk-based approach to help develop security strategy and lead and execute various risk-driven tasks based on those strategies;
  • Perform and/or facilitate information security risk assessments, report on findings and recommend mitigations;
  • Lead the program to effectively and efficiently analyze security risks using real-world security data and systems automation;
  • Lead and analyze the security of new or existing applications, product features, software, or specialized utility programs and provide risk recommendations;
  • Support our Sec Ops, Sec Engineering, and Compliance teams to develop risk/vulnerability assessment programs to aid in the identification and mitigation of security risks and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders;
  • Lead the establishment of rules for risk analyses and security assessments, which includes addressing controls defined by FIPS 199, NIST SP 800-37, NIST SP 800-53, and NIST SP 800-171 for both business operations and technical implementations throughout the company.

JOB REQUIREMENTS:

  • Bachelor's degree in computer science, information technology, or related field; Master's degree preferred;
  • Minimum of 6 years of experience in cybersecurity compliance, preferably within a technology company;
  • Proven track record of managing GRC programs and supporting various compliance frameworks, including SOC 1, SOC 2, ISO 27001, ISO 27018, HITRUST, HIPAA, and optionally FedRAMP;
  • Strong technical background in cybersecurity, with hands-on experience working with Cloud platforms like AWS and Azure;
  • Experience with Cloud Security Posture Management (CSPM) tools is preferable;
  • Experience designing and implementing security solutions and controls across the board, with a focus on Identity and Access Management (IAM), Secure Software Development Life Cycle (SDLC), and Security Awareness;
  • Experience managing global teams and driving cross-functional initiatives in a fast-paced environment;
  • Excellent interpersonal and communication skills, with the ability to effectively engage with stakeholders at all levels of the organization;
  • Demonstrated leadership capabilities, with a focus on empowering teams, fostering collaboration, and driving results;
  • Relevant certifications such as CISSP, CISM, CISA, CRISC, or equivalent are highly desirable;
  • Familiarity with enterprise-level compliance tools such as ServiceNow, Archer, IBM GRC or other industry equivalent software;
  • Knowledge and experience in FedRAMP, NIST SP 800-53 Rev 4, NIST SP 800-37, FISMA, NIST RMF, NIST FIPS 199, ISO 27001, ISO 27018, SSAE 18, HIPAA and HITRUST;
  • Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large scale cloud deployment;
  • Understanding of risks and controls as they pertain to firewalls, IDS/IPS systems, malware controls, URL filtering tools, anti-spam systems, BYOD controls, DLP, VPN, web application firewalls, endpoint security controls, OS hardening, multi-factor authentication, encryption key management, mobile device management, wireless security, full disk encryption, database security controls, containers, and network segmentation;
  • Good advisory skills; able to get acknowledgement and commitment on assessment results and proposed mitigations across stakeholders with different interests;
  • Strong analytical skills;
  • Relationship builder; able to create and maintain a trusted network on all levels;
  • Good communication, influencing and negotiating skills.

LOCATION: American Fork, Utah  

BENEFITS: https://www.domo.com/company/careers/culture

Domo is an equal opportunity employer.


Refer code: 8433050. Domo - The previous day - 2024-03-02 19:47
