Full-Time

Trust Operations Analyst

Gloo

51-200 employees

Platform connecting faith communities for collective impact

Consumer Software

Compensation Overview

$100,000 - $125,000

Junior, Mid, Senior

Remote + 1 more

Required Skills
Communications
Management
Requirements
  • Two to five years of program management for a vendor risk management program, or acute knowledge as a contributor or auditor
  • Preference for BS in vendor management, finance, accounting, privacy, risk management, information security, procurement, or related discipline
  • Understanding of information systems audit requirements and frameworks (with preference for SOC 2, HIPAA)
  • Strong communication skills with the ability to share your knowledge and encourage others to embrace our Trust programs
  • Strong attention to detail and project management skills: ability to drive projects from beginning to closure with auditable documentation
  • A trust mindset with a business sense: you understand the cost-benefit of implementation
  • Risk, compliance, and/or privacy domain expertise demonstrated by coursework, experience, or certifications like CISA, CIPP, CRISC, IAPP
  • Some experience with the privacy aspects of HIPAA, state, federal and international privacy regulations
Responsibilities
  • Become the company's vendor risk management expert - the majority of the role will be focused on the company's vendor risk management program: inheriting, owning, and improving the program, and working with other members of the Trust team, internal stakeholders and the vendors themselves to ensure the program operates as intended and executive management has a clear understanding of risks associated with vendor engagements. Understand the business use-case for each proposed vendor and all data that will be involved in the arrangement. Establish a baseline vendor risk, identifying areas of potential exposure. Review contracts/agreements/documentation, noting areas of potential concern for Gloo and other Gloo business teams. Lead assessment of vendor risk via pre-contract due diligence; report on high-level risks and inadequate controls to executive management; develop and maintain workflow processes to ensure controls are adequate and meet internal baselines. Provide guardrails or risk mitigation requirements where required; manage vendor risk in accordance with internal policy and regulatory requirements; monitor vendor implementation to ensure Trust requirements are met. Support development and deployment of a training program to facilitate the effective application and awareness of vendor risk management. Perform annual re-evaluations for critical vendors
  • Inheriting, managing, and improving the company's incident response program and activities, working closely with Security, management, engineering, support, and other stakeholders to ensure the program operates as intended. Triage events and determine event severity. Take appropriate steps to investigate any Trust event, including forming an incident response team and coordinating with internal and external stakeholders. Document investigation of a Trust event, manage the work plan, track tasks to completion. Communicate incident status and recommendations to executive management, including risks and obligations connected to an incident. Conduct a post-mortem to determine areas of improvement, including potential training opportunities. In coordination with Security, coordinate an annual incident response/business continuity tabletop
  • Monitoring, educating about, and improving the company's logical access controls. Understanding and improving the company's logical access control requirements, identifying areas for improvement. Educating and guiding internal teams regarding logical access control requirements and providing guidance for compliance
  • Operationalizing roadmaps and objectives as set forth by the Security and Privacy teams
  • Assisting in administering and improving a variety of the company's other Trust Operations programs, including, without limitation, understanding Gloo's multiple control frameworks (SOC 2, NIST, NYMITY, HIPAA, others) - developing and maintaining knowledge of security and privacy regulatory environments applicable to the company, internal auditing of Trust programs, maintaining an accurate system inventory, Trust policy development and communication, risk identification and management
  • Serving as a full-time member of the Trust Operations team, collaborating with other team members from Trust, Product, Engineering, Data, IT, and Support Services to administer and improve the company's Trust programs

Gloo is a leading platform in the faith ecosystem, fostering a supportive culture by connecting individuals with partners, content, and funding opportunities to achieve their goals and make a significant impact. Their competitive advantage lies in their unique focus on faith-based communities, providing a trusted platform for collaboration and growth. Through their technical prowess, they have successfully harnessed the power of digital connectivity to lead the industry in fostering faith-based community development.

Company Stage

N/A

Total Funding

$46.5M

Headquarters

Boulder, Colorado

Founded

2010

Growth & Insights
Headcount

6 month growth

-19%

1 year growth

-10%

2 year growth

-5%
INACTIVE