Governance & Compliance Manager

8 - 10 years experience

Salary depends on experience
Posted on 04/19/18
Mountain View, CA

Aera is looking for a motivated Head of Governance & Compliance to be an integral part of our in-house information security team. We’d love to talk to you if you’re a talented individual who is passionate about developing a sustainable structure, processes and solutions for assessing risk and managing complex regulatory and industry standard requirements across a diverse business and technology landscape. If that mission sounds exciting to you, we have a few different flavors of projects you might be looking for. It's an amazing time to be working at Aera.
This is a unique role with lots of exposure to all levels of the organization where you can help mold the products Aera produces.

Responsibilities

    • Work with stakeholders to establish IT audit procedures relevant to SOX, HIPAA, ISO and/or international data protection/privacy laws and regulations.
    • Review operational, financial, and technological processes to provide management with an assessment of business and IT risks and overall effectiveness.
    • Create, manage, and hold staff accountable for corrective action plans (CAPs).
    • Audit and monitor privileged access to critical information systems; authentication and authorization processes; change control processes and IT operations processes.
    • Investigate reports of non-compliance and provide recommendations for corrective actions.
    • Vendor Risk Management
    • Assist in the creation of compliance-specific content that is included in the materials distributed to the Board of Directors
    • Perform audit of product releases to ensure compliance with established standards and processes and effectively communicate findings/gaps and make recommendations for improvement

About You

    • Bachelor’s Degree and 8+ years of experience building out a GRC program, including but not limited to, compliance, audit, internal controls, and other security controls related areas for an Enterprise SaaS solution.
    • You have experience in security risk management, controls assessment, and communicating results to multiple levels of management.
    • You have worked with both business and technical risk and understand how to translate between the two and communicate to various levels of technical and business management.
    • Comprehensive knowledge of SOC 2, ISO27K1, HIPAA, SOX, and global data protection and privacy laws
    • Excellent written and verbal communication / presentation skills – with varied audiences across the organization

Nice to Have

    • Professional certifications in the security, privacy, risk management and audit areas highly desirable, such as: CISSP, CRISC, CISM, CISA, CIPP, CIPT, CPA
