Security and Compliance Manager – GRC Manager (Boston or Washington, DC)
The Senior Manager of Governance, Risk, and Compliance will work with our VP of Business Operations to discover, develop, and enhance business prospects, systems, and processes for our go-to-market teams to support the accomplishment of our revenue goals.
This position will operate remotely out of Boston or Washington, DC, with the possibility that the company establishes office premises, after which you will have hybrid options.
Compensation: Competitive salary, meaningful equity, and 401k matching.
Health care: Employees receive coverage of medical, dental, and vision insurance.
Monthly stipend to customize benefits
Define and implement a strategy and practices to satisfy commercial and federal GRC and security requirements, and to be regarded by our varied customers as a reliable business partner.
Develop a risk register and controls and put them into place in conjunction with company executives and teams to achieve the desired risk posture.
Drive the improvement of controls and the closing of gaps with internal teams and oversee the corresponding paperwork and compliance proof.
Prepare us for the required audits and assessments and guide us through them (CMMC, SOC2, NIST 800-53, ISO 27001).
Create company trainings, bug bounty programs, and other initiatives in collaboration with leadership to guarantee thorough risk management.
Work one-on-one with customers
Candidates will have:
4-5 years’ experience in GRC and/or Information Security roles
Successfully run an ISO27001 or SOC2 (or more complex) audit
Experience with federal vendor security frameworks such as CMMC
Highly effective at verbal and written communication
Holds information security certification (CISSP, GISP)
Familiar with privacy frameworks (GDPR, CCPA)
IT management experience a plus
1+ years at high growth startup a plus
Must be authorized to work in the US. This position is not available on a C2C basis. The company is currently not able to provide sponsorship.