What you’ll do
Policy Lifecycle Management:
- Own the ongoing review and maintenance of organizational security policies, standards, and procedures.
- Assist in identifying policy gaps based on evolving regulatory requirements, business needs, and industry best practices.
Compliance Program Support:
- Serve as a primary cross-functional coordinator with other dedicated compliance teams (e.g., Legal, Regulatory Affairs, Internal Audit) to design and maintain a unified, strategic governance roadmap.
- Ensure all corporate compliance activities are aligned, documented, and consistently executed across the enterprise.
Third-Party Risk Management (TPRM):
- Lead security risk assessments for new and renewing third-party vendors as part of the procurement lifecycle.
- Track remediation items and collaborate with stakeholders to address identified risks.
Audit & Certification Coordination:
- Coordinate and support the organization's annual security audits and certifications (e.g., SOC 2, PCI, CIS).
- Coordinate evidence collection, track action items, communicate with stakeholders, and assist with audit readiness activities.
- Lead cross-functional coordination with internal SMEs to support evidence collection, reviewing appropriateness, tracking action items, and ensuring timely submission.
- Act as a secondary liaison with external auditors.
- Serve as a subject matter resource in interpreting and mapping security controls to operational processes and supporting evidence.
Security Training Program:
- Assist with the administration and continuous improvement of the company’s security awareness and training program, including tracking completion metrics and updating training content as needed.
Regulatory & Compliance Support:
- Work in close partnership with Legal and Regulatory teams to interpret new and changing compliance requirements.
- Provide security insight to ensure corporate practices and technology align with legal and regulatory mandates.
Governance and Process Improvement:
- Proactively identify and drive improvements to the efficiency, consistency, and scalability of GRC processes and documentation.
- Contribute to initiatives that enhance operational maturity and reduce organizational risk.
- Assist with the administration, maintenance, and continuous improvement of the organization’s GRC platform and related workflows.
Risk & Issue Management Support:
- Maintain and help evolve risk and issues registries, tracking exceptions, risk owners, update timelines, and supporting broader risk management initiatives across Security and IT functions.
What you have
- 5+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, IT Audit, or related fields.
- Experience independently managing audits, compliance initiatives, or governance programs with limited supervision.
- Experience working with security and compliance frameworks such as SOC 2, ISO 27001, SOX 404, PCI-DSS, NIST, GDPR, CIS or similar standards.
- Familiarity with audit processes including evidence gathering/review, remediation tracking, and auditor coordination.
- Experience maintaining or developing security policies, standards, and procedures.
- Hands-on experience conducting Third-Party Risk Management (TPRM) assessments, including vendor security reviews, questionnaire evaluations, risk analysis, remediation tracking, and ongoing monitoring.
- Experience identifying, documenting, tracking, and communicating security and compliance risks to technical and non-technical stakeholders, including supporting risk remediation and exception management processes.
- Experience working with GRC platforms and tooling to manage compliance activities, risk registers, policy lifecycle management, audit evidence collection, and workflow automation.
- Experience interpreting and mapping security and compliance controls to operational processes and evidence requirements.
- Familiarity with the impact of Governance, Risk, and Compliance (GRC) on the Secure Software Development Life Cycle (SSDLC) and IT operations.
- Experience supporting privacy and data protection compliance initiatives, including CCPA, consumer privacy regulations, and broader PII/data handling protection requirements.
- Strong written and verbal communication skills with the ability to collaborate across technical and non-technical teams.
- Strong organizational skills and ability to manage multiple priorities effectively.
- Strong project management experience.
What makes you stand out
- Industry certifications such as CISSP, CISM, CISA, CRISC, Security+, or similar.
- Experience working in high-growth technology or regulated environments.
- Familiarity with GRC tooling such as Vanta, Drata, Archer, OneTrust, or ServiceNow GRC.
- Experience supporting PCI-DSS, privacy, or state regulatory compliance initiatives.
- Exposure to security awareness platforms and vendor risk management tooling.
- Experience helping mature or scale governance and compliance programs.
Compensation
The typical salary range for this position is $110,000 to $120,000.