Aera is looking for a motivated Head of Governance & Compliance to be an integral part of our in-house information security team. We’d love to talk to you if you’re a talented individual who is passionate about developing a sustainable structure, processes and solutions for assessing risk and managing complex regulatory and industry-standard requirements across a diverse business and technology landscape. If that mission sounds exciting to you, we have a few different flavors of projects you might be looking for. It's an amazing time to be working at Aera.
This is a unique role with lots of exposure to all levels of the organization where you can help mold the products Aera produces.
- Work with stakeholders to establish IT audit procedures relevant to SOX, HIPAA, ISO and/or international data protection/privacy laws and regulations.
- Review operational, financial, and technological processes to provide management with an assessment of business and IT risks and overall effectiveness.
- Create, manage, and hold staff accountable for corrective action plans (CAPs).
- Audit and monitor privileged access to critical information systems; authentication and authorization processes; change control processes and IT operations processes.
- Investigate reports of non-compliance and provide recommendations for corrective actions.
- Own vendor risk management.
- Assist in the creation of compliance-specific content that is included in the materials distributed to the Board of Directors.
- Audit product releases to ensure compliance with established standards and processes; communicate findings and gaps clearly and make recommendations for improvement.
- Bachelor’s degree and 8+ years of experience building out a GRC program (including, but not limited to, compliance, audit, internal controls and other security-controls-related areas) for an enterprise SaaS solution.
- You have experience in security risk management, controls assessment, and communicating results to multiple levels of management.
- You have worked with both business and technical risk and understand how to translate between the two and communicate to various levels of technical and business management.
- Comprehensive knowledge of SOC 2, ISO 27001, HIPAA, SOX, and global data protection and privacy laws.
- Excellent written and verbal communication and presentation skills with varied audiences across the organization.
Nice to Have
- Professional certifications in the security, privacy, risk management and audit areas are highly desirable, such as CISSP, CRISC, CISM, CISA, CIPP, CIPT or CPA.