The Basics
Tanium is looking for a Governance, Risk, and Compliance (GRC) Director to join the information security team. This position reports directly to the CISO.
The GRC Director is a leader with strong knowledge of security frameworks, controls, and audit techniques who seeks to improve how compliance programs are implemented and maintained. The ideal candidate will bring a passion for improving the customer experience by easing operational burdens associated with compliance and will have a focus on enhancing transparency across the security landscape.
Candidates should be highly organized and detail-oriented with excellent communication skills and a strong bias towards getting things done while advocating for continuous improvement. As a leader within the Information Security Team, the GRC Director takes a significant role in actively promoting a culture of information security throughout the organization.
What you’ll do
- Proactively and consistently manage the Tanium’s mission critical compliance frameworks, including ISO 27001, SOC2 Type 2, FedRAMP, and other frameworks
- Develop, enhance, operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations
- Own and manage the Tanium’s risk quantification & management program
- Manage & improve process to respond to client audit and related requests in a timely manner
- Own and implement a vision for GRC tactics and methods which scale with Tanium’s business needs and balance efficient execution with comprehensive and repeatable processes
- Manage, support and inspire a team of GRC professionals
- Oversee third party technical risk assessments and related audit activity
- Serve as a subject matter expert for information security risk management principles and practices.
- Collaborate with executives and key stakeholders across Tanium to review projects, assess business critical systems and ensure compliance with compliance frameworks and data privacy laws
- As necessary, perform and advise on privacy impact assessments
- Perform internal technical risk assessments/audits
- Proactively assesses potential items of risk and opportunities
- Promote a culture of information security across all business units
- Understand the role of systems and technology within the firm and the value they deliver to the business
We’re looking for someone with
- Education
- Bachelor’s Degree in Computer Science, IT or other relevant degree or equivalent work experience
- Experience
- 7+ years of experience in Information Security and/or Data Privacy Compliance positions
- Deep expertise implementing and managing Federal compliance frameworks such as FedRAMP, CMMC, etc.
- Deep expertise in common compliance standards, eg. ISO27001/270017/270018, SOC 2, NIST CSF and PCI DSS
- Strong knowledge of the global data security regulatory environment
- Strong knowledge of global privacy regulations and requirements (eg. CCPA, GDPR, HIPAA, PIPEDA, UK DPA and Privacy Shield, and others)
- Propensity for making analytical risk-based decisions and recommendations
- Ability to convey complex information in a clear and concise manner both verbally and in written form
- Demonstrated track record of managing a team of highly motivated, independent analysts/SMEs
- Experience with Objectives and Key Results (OKRs) and/or kanban principles
About Tanium
Tanium delivers the industry’s only true real-time cloud-based endpoint management and security offering. Its converged endpoint management (XEM) platform is real-time, seamless, and autonomous, allowing security-conscious organizations to break down silos between IT and Security operations that results in reduced complexity, cost, and risk. Securing more than 32M endpoints around the world, Tanium’s customers include Fortune 100 organizations, top US retailers, top US commercial banks, and branches of the U.S. Military. It also partners with the world’s biggest technology companies, system integrators, and managed service providers to help customers realize the full potential of their IT investments. Tanium has been named to the Forbes Cloud 100 list for nine consecutive years and ranks on the Fortune 100 Best Companies to Work For. For more information on The Power of Certainty™, visit www.tanium.com and follow us on LinkedIn and X.
On a mission. Together.
At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives and by our collective actions.
We are an organization with stakeholders around the world and it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things.
Each of our team members has 5 days set aside as volunteer time off (VTO) to contribute to the communities they live in and give back to the causes they care about most.
What you’ll get
The annual base salary range for this full-time position is $130,000 to $390,000. This range is an estimate for what Tanium will pay a new hire. The actual annual base salary offered may be adjusted based on a variety of factors, including but not limited to, location, education, skills, training, and experience.
In addition to an annual base salary, team members will receive equity awards and a generous benefits package consisting of medical, dental and vision plan, family planning benefits, health savings account, flexible spending account, transportation savings account, 401(k) retirement savings plan with company match, life, accident and disability coverage, business travel accident insurance, employee assistance programs, disability insurance, and other well-being benefits.
For more information on how Tanium processes your personal data, please see our Privacy Policy.
#Hybrid