Director of Governance Risk and Compliance at Rent the Runway
Rent the Runway (RTR) is transforming the way we get dressed by pioneering the world’s first Closet in the Cloud. Founded in 2009, RTR has disrupted the $2.4 trillion fashion industry by inspiring women with a more joyful, sustainable and financially-savvy way to feel their best every day. As the ultimate destination for circular fashion, the brand now offers infinite points of access to its shared closet via a fully customizable subscription to fashion, one-time rental or ownership. RTR offers designer apparel, accessories and home decor from 700+ brand partners and has built in-house proprietary technology and a one-of-a-kind reverse logistics operation. Under CEO and Co-Founder Jennifer Hyman’s leadership, RTR has been named to CNBC’s “Disruptor 50” five times in ten years, and has been placed on Fast Company’s Most Innovative Companies list multiple times, while Hyman herself has been named to the “TIME 100” most influential people in the world and as one of People magazine’s “Women Changing the World.”
About the Information Security Team:
We are currently growing our Governance Risk and Compliance team in order to protect and scale our enterprise as well as meet ongoing requirements. Our team works closely with IT, Infrastructure, and Engineering, to ensure the security posture of Mission Critical Production Environments, build GRC into the software development life-cycle, as well as deploy and maintain tooling and processes.
Rent the Runway is transforming its technology risk management, compliance and information security capabilities. We are investing in these areas to address our rapidly growing business and to address an ever increasing threat and regulatory compliance requirements.
About the Job:
The Director of Governance Risk and Compliance is a critical position within the team, and has risk and compliance responsibilities from a technology and security perspective across the organization. Working closely with stakeholders, this position will be responsible for operating and enhancing the GRC efforts to raise the overall compliance and security posture and reduce and mitigate risk levels for RTR. Working across multiple frameworks and regulatory standards including, but not limited to SOX, GDPR, CCPA, PCI-DSS, NIST CSF, etc. This individual will liaise with Software Engineering, Finance, Corporate Systems, Operations, Legal, Internal Audit and other stakeholders to implement new solutions and processes as well as remediate outstanding issues.
What You’ll Do:
- This role is responsible for providing information security risk management and compliance subject matter expertise for RTR’s corporate assets, fulfillment centers and production applications.
- The GRC Director is responsible for the design, implementation and operations of controls and processes.
- Maintains updated knowledge of best practices in the field of technology risk management, compliance and data privacy
- Responsible for informing leadership of issues resulting from risk analysis and determining potential solutions that are appropriate for Rent the Runway’s business and system architecture.
- Interacts with technology-focused teams and business stakeholders to understand risks to critical systems and data by defining potential business impact with the responsibility to apply effective mitigation strategies.
- Manage internal and 3rd party audits/assessments, as well as facilitate evidence collection
- Maintain a risk register to manage our various technology risk and compliance programs
- Manage our training and education efforts across the company so everyone knows the rules
- 10+ years of experience working in the technology risk and compliance field
- 5+ years experience in GRC, with experience managing security risks and designing controls.
- Passion for GRC as a strategic approach, not a check-the-box exercise
- Experience working in or with a technology organization
- Experience with one or more of the following: SOX, GDPR/CCPA, PCI DSS
- Knowledge of frameworks such as: ISO 27001, NIST CSF
- Solid understanding of key information security and technology change management principles
- Familiarity with data privacy concepts and program operations (GDPR/CCPA)
- Understanding of business continuity / disaster recovery principles
- Knowledge of qualitative vs. quantitative risk management and inherent vs. residual risk in order to properly determine and report on technology risk levels
- Strong degree of comfort working alongside, engaging and communicating with senior software engineering and business-side stakeholders
- Experience working in a technology intensive agile environment
- CISSP or related information security certification desired
At Rent the Runway, we’re committed to the wellbeing of our employees, and aim to create a workplace that fosters both personal and professional growth. Our inclusive benefits include, but are not limited to:
- Paid Time Off including vacation, paid bereavement, and family sick leave - every employee needs time to take care of themselves and their family.
- Universal Paid Parental Leave for both parents + flexible return to work program - because we know your newest family member(s) deserve your undivided attention.
- Paid Sabbatical after 5 years of continuous service - Unplug, recharge, and have some fun!
- Exclusive employee subscription and rental discounts - to ensure you experience the magic of renting the runway (and give us valued feedback!).
- Comprehensive health, vision, dental, FSA and dependent care from day 1 of employment - Your health comes first and we’ve got you covered.
- 401k match - an investment in your future.
- Company wide events and outings - our team spirit is no joke - we know how to have fun!
- Flexibility Policy - when our corporate employees return to the office post COVID they will have the option to work remotely 2-3 days a week.
Rent the Runway is an equal opportunity employer. In accordance with applicable law, we prohibit discrimination against any applicant or employee based on any legally-recognized basis, including, but not limited to: race, color, religion, sex (including pregnancy, lactation, childbirth or related medical conditions), sexual orientation, gender identity, age (40 and over), national origin or ancestry, citizenship status, physical or mental disability, genetic information (including testing and characteristics), veteran status, uniformed servicemember status or any other status protected by federal, state or local law.