Responsibilities

• Manage Hive’s current risk management program
• Manage external and internal audits, including reviewing materials that require attention for accuracy and properly adhering to regulatory expectations.
• Implement ISMS in coordination with executive and mid-level management
• Participate in building a comprehensive Governance, Risk and Compliance program
• Work with Engineering and Product teams to identify process improvements and efficiencies in areas change management, access management and general technology process controls.
• Provide compliance, risk, and controls expertise to support information security and compliance initiatives.
• Protect the business by assisting with cyber security risk assessments.
• Maintain awareness of industry best practices for data maintenance handling as it relates to your role
• Manage security and privacy training programs
• Adhere to and champion policies, guidelines and procedures pertaining to the protection of information assets
• Manage external security, privacy, and compliance requirements, including both internal requirements for vendors as well as external requirements placed on Hive
• Report actual or suspected security and/or policy violations/breaches to an appropriate authority
• Define, develop, implement, and maintain our policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information, paper and/or electronic, across all media types and comply with applicable privacy laws and regulations

Requirements

• Bachelor’s degree or related experience
• Minimum 4+ years experience related to conducting risk-based assessment for information systems and/or operations.
• Minimum 1+ years experience running a comprehensive Governance, Risk and Compliance program
• Minimum 2+ years experience leading industry standard (ISO 27001 or SOC 1/2) audits from either side
• Strong knowledge of applicable privacy laws (CCPA/CPRA, GDPR)
• Ability to communicate in a written and oral format to technical and non-technical audiences in a business-friendly manner
• Demonstrated success in a competitive environment
• Highly self-motivated and ambitious in achieving goals
• Strong team player, but can work and execute independently
• Driven; no one needs to push you to excel; that’s just who you are
• Hungry to learn and actively look for opportunities to contribute
• Highly organized and detail-oriented; can handle multiple projects and dynamic priorities without missing a beat