Director of Risk and Compliance
The Job
Data loss can be devastating. Whether it’s caused by human error, bad code, rogue integrations, or malicious intent, all companies are at risk. OwnBackup is the #1 data backup, archiving, and sandbox seeding app on the Salesforce AppExchange. With over 3,000 customers, we are ranked #25 on Financial Times’ list of America’s fastest growing companies, and have raised $267.5 million in funding from Salesforce Ventures and others.
OwnBackup is seeking a talented and passionate Director of Risk and Compliance to join our rapidly growing company. As part of the Chief Information Security Officer (CISO) organization, this role will advance our focus on continuing the development of our risk and compliance programs to ensure that OwnBackup obtains and maintains applicable requirements. This is a key role to lead the overall strategies to ensure proper growth and scale.
The role carries a compliance and risk management focus under frameworks including, but not limited to, the NIST Cybersecurity Framework, the HITRUST Common Security Framework (CSF), the Common Criteria (SOC 2), ISO 27701/27001, FedRAMP, GxP, Cloud Security Alliance (CSA), and others, in a way that allows OwnBackup and our customers to comply with compliance and risk management mandates.
This individual will collaborate across various OwnBackup departments to identify and remediate gaps in compliance, and will perform and manage risk assessments as applicable to targeted frameworks. This role will also be responsible for leading the following types of audits and activities:
- Internal compliance and procedural audits
- Vendor assessments to ensure compliance controls meet internal and customer expectations
- SOC 2 Type II audits on OwnBackup controls
- HITRUST audits on OwnBackup controls
- Provide leadership and guidance over FedRAMP efforts
- GxP Compliance
- ISO 27701/27001
- Other assessments as needed
The Director of Risk and Compliance supports all ongoing activities related to the development, implementation, maintenance, and adherence to OwnBackup’s policies and procedures.
Your Day-to-Day Role
- Work with OwnBackup leadership in defining strategy, roadmap, and projects
- Provide leadership, guidance, and oversight of the Risk & Compliance team
- Stay current with industry and regulatory trends relating to Data Privacy and Information Security
- Partner with the CISO and CTO organizations to review and maintain OwnBackup’s information security policies and procedures
- Teach and communicate inside and outside the organization
- Develop KPIs pertaining to risk and compliance
- Develop plans, procedures, and tools to track ongoing compliance
- Partner with all facets of the organization to assist them with complying with established policies and procedures
- Own and manage the OwnBackup security and compliance training program.
- Partner with applicable company departments to ensure essential collateral is up-to-date and accurate, not limited to whitepapers, data flow diagrams, CSA CAIQ, and SIG
- In collaboration with Marketing, Product, Engineering, Legal, and CISO, influence and support longer-term strategies for adoption and integration of customer requirements
- Support Sales and Marketing as a key Subject Matter Expert (SME) and evangelist for growth initiatives as it pertains to risk and compliance management
Your Work Experience
- Bachelor’s degree in Computer Science or equivalent work experience, Master’s degree preferred
- 10+ years of progressive experience in risk & compliance, experience in SaaS industry strongly preferred
- Proven ability to implement security compliance programs with direct or indirect staff
- Leadership experience supporting SOC 2 and ISO 27001 audits
- Experience with cloud-based technologies and services
- Knowledge of salesforce.com services
- Knowledge of cloud-based services and how the shared responsibility model applies across compliance frameworks
- Exceptional communication skills with the ability to convey complex compliance requirements to stakeholders with differing levels of expertise
- Ability to multi-task and thrive in a fast-paced, customer-driven environment.
- Ability to balance leadership and individual contributions.
Important Details
This is a full-time position. The ideal candidate will work out of our New Jersey office to maximize interaction with the business.
Here at OwnBackup, culture is as important as results, and a key part of our culture is our differences. As we scale to help all types of companies protect precious data, our team must reflect the diversity we serve. OwnBackup is an Equal Opportunity Employer and we believe that every employee in the company brings a unique perspective that they can and should contribute in order to make an impact every day. We strive to be one team, one culture, and one family that builds trust through transparency. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, protected veteran status or disability status. OwnBackup will consider qualified applicants with criminal histories in a manner consistent with applicable law.
A Bit About Us
Have a look at our market opportunity and read through the AppExchange reviews to get to know OwnBackup a little better. Founded in 2015, OwnBackup is backed by top-tier venture capital firms and Salesforce Ventures. The company has experienced 100% y/y growth, establishing early market dominance in a big addressable market. To put it in perspective, OwnBackup has 2k customers, and nearly all of Salesforce's 150k customers are a potential fit to use our products. Given the company’s vision to be the leading Cloud Data Protection Platform, there are also plans to expand into other SaaS ecosystems in the coming year.