Manager – Governance, Risk, and Compliance
Posted on 2/12/2024
Abnormal Security

501-1,000 employees

Cloud-Native Email Security
Company Overview
Abnormal Security's mission is to protect the internet. They will protect knowledge workers across the cloud, wherever they work.
AI & Machine Learning
Cybersecurity

Company Stage: Series C
Total Funding: $284M
Founded: 2018
Headquarters: San Francisco, California

Growth & Insights
Headcount growth: 6 month 10%, 1 year 9%, 2 year 90%
Locations
Remote in USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Communications
Management
Categories
Legal & Compliance
Requirements
  • 6+ years of experience in GRC and/or technical compliance roles
  • 3+ years leading GRC teams and programs
  • Bachelor’s degree or equivalent military experience with at least 7 years of Risk Assurance/Compliance and/or Information Security experience
  • Strong understanding of security concepts and practical usage
  • Strong understanding of policy and data management
  • Strong understanding of risk management, business resiliency, business continuity, and disaster recovery for a SaaS/cloud-native organization
  • Strong understanding of and practical experience working with ISO 27001, ISO 27701, the NIST Cybersecurity Framework, or others such as HITRUST, NIST SP 800-53, NIST SP 800-171, and CMMC
  • A solid grasp of audit, security, financial, and operational internal control methodologies and terminology (e.g., COSO)
  • Proven experience leading evaluations/audits, implementing controls, and managing SOC 2 and ISO 27001 audits in a SaaS environment
  • Demonstrated track record of successfully executing projects with an emphasis on delivering results
  • Ability to effectively communicate governance, risk, and audit functions to executives
  • Familiarity with Governance Risk Compliance (GRC) tools
Responsibilities
  • Manage GRC domains such as internal and external audits, policies management, data governance activities, and security and privacy awareness
  • Ensure program activities align with strategy and manage the timely and high-quality execution of GRC landmarks
  • Lead Policy Management, including maintaining policy content and structure, managing the policy repository and communication, policy lifecycle management, developing solutions to rectify policy gaps, and educating policy owners
  • Lead Data Governance to define, develop, and implement capabilities to govern data handling and educate data owners
  • Define, develop, and implement capabilities to manage third-party risks
  • Lead the Compliance Program including development of the audit plan in partnership with leadership, leading audits, driving internal control effectiveness, and working with and training control owners
  • Support enterprise risk assessment activities, including BCP-DR
  • Drive remediation and mitigation activities, also known as issues management, including root cause analysis and owning the design, tracking, and progress of action plans in partnership with internal business partners
  • Design and manage program operations to support the program goals and implement and maintain technology to support the program and its operations
  • Engage in ad-hoc projects as required
  • Maintain regular, clear communication with project teams, key partners, and management regarding the status of controls testing, audit progress, risk assessment progress, and progress of issues management
  • Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management both within Security and to our business partners
Desired Qualifications
  • CRISC, CISSP, CPA, CISA, PMP, CISM certification(s)
  • Prefer a degree in information assurance, computer science, information security, or business
  • Experience preferably at a technology, SaaS, or cloud company and/or a regulated public company
  • 2+ years of Big 4 experience