How Remoteville checks and expires listings
Governance, Risk, and Compliance (GRC) Manager
Skills
FedrampGeneral Data Protection RegulationGovernanceRisk ManagementAnd ComplianceISO 27001Industry Standards
What the job involves
The main requirements, responsibilities and hiring steps.
Requirements
- Bachelor’s degree in Information Security, Computer Science, or a related field
- Master's degree is a plus
- Minimum of 5 years of experience in a similar role within a software development and SaaS environment
- Professional certifications such as CISA, CISSP, or Certified ISO 27001 Lead Auditor are highly advantageous
- In-depth knowledge of SOC 2 Type II, ISO 27001, FedRAMP, Cyber Essentials, GDPR, CSA Star Level 1 frameworks, and PCI-DSS
- Strong understanding of governance, risk, and compliance principles
- Excellent analytical, problem-solving, and decision-making skills
- Strong communication and interpersonal skills with the ability to interact with all levels of the organization
- Ability to manage multiple projects and meet deadlines in a fast-paced environment
- High attention to detail and organizational skills
- Demonstrable experience in GRC and comfortable working across the breadth and depth of a large multi-cloud security compliance program
- Ability to prioritize and track multiple projects in parallel
- Experience in security-related analysis, creating metrics and dashboards, and summarizing large data sets
- Prior experience in working with a GRC tool implementation (e.g., HyperProof)
- Advanced technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures
- Ability to think strategically about risks and tie those risks to tactical organizational activities
- A passion for developing talent and fostering a collaborative team environment
Day to day
- Manage and sustain the company's multiple security certifications
- Address customer assessment questionnaires and audits, both pre- and post-sales
- Conduct risk assessments, maintain the risk register, and collaborate with various internal teams to mitigate risks
