Governance Risk and Compliance Lead

Kaleris

Atlanta (LA)

Remote

USD 80,000 - 140,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Senior Manager for Governance, Risk, and Compliance (GRC) to enhance their compliance framework. This pivotal role involves developing a comprehensive GRC program, managing compliance frameworks like ISO 27001, and leading risk assessments. The ideal candidate will work closely with cross-functional teams, ensuring adherence to industry standards while championing continuous improvement. This position offers a global scope, providing an opportunity to influence compliance strategies in a dynamic environment. If you're passionate about risk management and compliance, this role is a perfect fit for you.

Benefits

Competitive compensation package
Full benefits package (medical, dental, vision)
Paid Time Off (FlexPTO, parental leave, volunteering time off)
401K (with employer match)
Career growth and mentorship
Employee Assistance Program
Pet insurance
Life/AD&D insurance
Disability insurance (LTD and STD)

Qualifications

  • 8+ years of experience in GRC, especially in compliance management.
  • Professional certifications like CISA or ISO/IEC 27001 Lead Implementer are highly valued.

Responsibilities

  • Architect and implement the GRC program aligned with business objectives.
  • Monitor new regulatory frameworks to ensure compliance.

Skills

Governance Risk and Compliance (GRC)
Compliance Management
Risk Assessment
Communication Skills
Program Building

Education

Bachelor’s degree in a related field
Advanced degree or additional certifications

Tools

Vanta
Drata

Job description

Governance Risk and Compliance Lead

Location: Remote (MA). Posted 30+ days ago. Job requisition ID: R-100108

Job Description:

We’re looking for a Senior Manager of Governance, Risk, and Compliance (GRC). This strategic role is crucial for building and enhancing the GRC framework within our organization. The ideal candidate will be responsible for establishing the program and ensuring ongoing compliance with relevant laws and industry standards, while also working closely with cross-functional teams to achieve the organization's goals. This role will report to the Chief Information Security Officer (CISO) and will be instrumental in building a robust GRC program. This position has a global scope and includes responsibility for monitoring new regulatory frameworks that may impact our ability to do business.

Responsibilities

  • Program Development:
    • Architect and implement the GRC program, aligning it with business objectives and regulatory requirements.
    • Mentor and develop talent as the team grows in the future.
  • Compliance Frameworks:
    • Manage key compliance frameworks such as ISO 27001 and SOC 2, ensuring organizational practices meet or exceed these standards.
    • Maintain a comprehensive understanding of applicable laws and regulations to ensure the organization remains compliant, adapting our compliance strategy to reflect regulatory changes and industry trends.
  • Risk Assessment and Risk Register:
    • Perform cyber risk assessments and maintain a detailed risk register, tracking and prioritizing risks to ensure effective risk mitigation and management.
  • Third-Party Risk Management:
    • Implement a third-party risk management process, conducting due diligence and continuous monitoring of vendor compliance.
  • Policy and Procedure Oversight:
    • Continuously review and update security policies and procedures to maintain current and enforceable standards.
  • Collaborative Leadership:
    • Work collaboratively with the product team, IT, and other security leaders to integrate GRC into product development, IT operations, and overall security strategy.
    • Work with Product Owners to ensure their compliance with global policies and regulations.
  • Reporting and Metrics:
    • Develop and provide reporting metrics for compliance and risk management frameworks to senior leadership, ensuring transparency and accountability in our GRC efforts.
  • Continuous Improvement:
    • Champion continuous improvement within the GRC program, ensuring responsiveness to new challenges and regulatory changes.
  • Regulatory Monitoring:
    • Monitor and assess new regulatory frameworks globally that may impact our ability to do business, ensuring proactive adaptation of our compliance strategies.
  • Product Compliance Tracking:
    • Track compliance per product, ensuring all products meet global policies and regulations.
  • Audit Efforts:
    • Lead audit efforts for security, ensuring the organization’s security practices are thoroughly evaluated and meet required standards.
  • Sales Support:
    • Assist the sales team with RFP questionnaires, providing detailed and accurate information to support business development efforts.

Requirements

  • Professional Certifications:
    • Certifications such as CISA, CIA, ISO/IEC 27001 Lead Implementer, or ISO/IEC 27001 Lead Auditor are highly valued.
  • Experience:
    • Minimum 8 years of experience in GRC with a strong emphasis on compliance management in the software or technology industry.
  • Education:
    • Bachelor’s degree in a related field, with an advanced degree or additional certifications beneficial.
  • Program Building:
    • Proven capability to build and scale GRC programs from the ground up.
  • Communication:
    • Exceptional communication skills, crucial for effective program advocacy and stakeholder engagement.
  • Risk Management:
    • Expert-level understanding of risk management practices and the ability to convey complex risk scenarios to various stakeholders.
  • Preferred Tools:
    • Experience using modern GRC tools such as Vanta or Drata is preferred.

Benefits & Compensation

  • Competitive compensation package
  • Full benefits package (medical, dental, vision) with option for HSA
  • FSA and DCFSA
  • Pet insurance
  • Paid Time Off (FlexPTO, parental leave, volunteering time off)
  • 401K (with employer match)
  • Life/AD&D (paid for by Kaleris)
  • Disability (LTD and STD plan paid for by Kaleris)
  • Employee Assistance Program
  • Career growth and mentorship

Kaleris is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

