As our Governance, Risk and Compliance (GRC) Director, you will report directly to the Head of Security at Rally. You will focus on bringing our GRC program to the next level, integrating Policy Management, Risk Management and Compliance. And don't get the wrong impression - this is no ordinary check-the-box GRC program… we are building an excellent program that will actually guide security strategy at Rally! Come join us to make it happen!
You Will:
- Be an essential member of the Security Leadership Team, helping shape overall strategy
- Manage our GRC Team, comprised of four professionals
- Manage Security Policy, Risk Management (including Vendor Security), and our security audits
- Guide the Team in maturing and maintaining Rally's Risk Register and Security Control Library in our GRC system (ZenGRC)
- Lead the team in integrating audit testing with the Control Library, capturing ongoing control effectiveness feedback for risk assessments
- Mature the Risk Management Program to produce strategic insight for security decisions
- Work with SMEs across the organization to mature/design security controls & mitigate risk
- Perform product security assessments
You Have:
- 15+ years of experience in information security, compliance, audit, or Information Technology (IT)
- 5+ years of experience in GRC, with experience managing security risks and designing controls
- 5+ years of experience in people management
- Passion for GRC as a strategic approach, not a check-the-box exercise
- Security certifications encouraged (CISA or CISSP)