GRC Operations, Sr Analyst
Our GRC team is growing and we’re looking for a talented technology audit, compliance, and risk professional to join the team!
The Squarespace GRC team’s initiatives have wide ranging visibility and provide a unique opportunity to actively partner with departments across the organization. The GRC Operations role compliments the GRC Implementation and Analysis team. GRC Operations focuses primarily on developing ongoing audit/monitoring plans for the controls in place throughout our Engineering department. Specifically, the GRC Operations function will be involved in the evaluation of internal control design and operating effectiveness to ensure compliance with security, privacy, and financial reporting programs. In addition to a strong partnership with GRC and Engineering team members, the GRC Ops role will also liaise with teams across the organization (Internal Controls, Finance, Security Engineering) in order to execute technical audits that address the organization’s current needs. Additionally, the GRC Ops role will be involved with the vendor risk management and enterprise security questionnaire processes.
You will report to the Director of GRC and will work closely with them to develop a roadmap for the growth of this function.
RESPONSIBILITIES
- Assist with ongoing maintenance of information security policies.
- Conduct regular self-assessments/audits throughout engineering to confirm adherence to company policy.
- Work closely with engineering teams to understand and document the controls within their particular environment(s).
- Develop roadmaps that outline audit approaches and plans for each quarter.
- Clearly document and communicate the results of audits along with control and/or process improvement recommendations.
- Liaise with Finance, Accounting, and Internal Controls teams to understand business processes and assist with IT controls development and implementation.
- Display in depth and working knowledge of regulatory and compliance reporting and frameworks such as SOX, SOC 1, SOC 2, PCI and ISO27001.
- Work closely with the Security Engineering team to understand their audit needs and build those needs into quarterly roadmaps.
- Provide regular status updates to the Director of GRC and proactively communicate delays in work as they occur.
- Co-manage the vendor security risk management process at Squarespace, with the potential of owning the function in its entirety.
- Co-manage the enterprise customer security questionnaire process at Squarespace, with the potential of owning the function in its entirety.
- Work closely with the Data Privacy team at Squarespace to develop audit and monitoring activities for controls related to GDPR, CCPA, etc.
- Partner with external audit firms on audit and compliance initiatives.
QUALIFICATIONS
- Roles at this level require a university/college degree.
- 5+ years relevant experience in an IT audit/compliance/risk management role.
- Must have experience in controls testing in line with SOX and SOC 1/2/3 frameworks.
- Proven ability to lead and project manage all phases of audit, including planning, execution, and reporting.
- Familiarity with coordinating across departments (Internal Controls, Finance, Accounting, People).
- Ability to effectively communicate audit findings and recommendations to stakeholders.
- Experience in assisting in the implementation of an IT internal audit function is a plus.
- Data privacy experience is a plus.
- Experience with technical security audits is a major plus.
- Should have experience with identifying, tracking, reporting and remediating IT procedural and technical risk.
- Working knowledge of web based technologies and cloud environments is desired to achieve success in this role.
- Big-4 experience is a plus.
- CISA or CISSP certification is strongly preferred.
About Squarespace
Squarespace makes beautiful products to help people with creative ideas succeed. By blending elegant design and sophisticated engineering, we empower millions of people — from individuals and local artists to entrepreneurs shaping the world’s most iconic businesses — to share their stories with the world. Squarespace’s team of more than 1,000 is headquartered in downtown New York City, with offices in Dublin and Portland. For more information, visit www.squarespace.com/about.
Benefits & Perks
- Health insurance with 100% premium covered for you and your dependent children
- Flexible vacation & paid time off
- Up to 20 weeks of paid family leave
- Equity plan for all employees
- Retirement benefits with employer match
- Fertility and adoption benefits
- Free lunch and snacks at all offices
- Education reimbursement
- Dog-friendly workplace in New York office
- Commuter benefit in the form of reduced tax (Ireland) and pretax (US)
Today, more than a million people around the globe use Squarespace to share different perspectives and experiences with the world. Not only do we embrace and celebrate the diversity of our customer base, but we also strive for the same in our employees. At Squarespace, we are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity or expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or other class protected by applicable law. We are proud to be an equal opportunity workplace.