Our GRC team is looking for a creative, diligent, technical, and experienced IT compliance and security risk professionals with a background in SOX IT controls implementation, regulatory controls requirements, process improvement, and security risk analysis.

Responsibilities

• Evaluate and maintain ITGC procedures, and controls for Squarespace systems (internally developed and third-party).
• Collaborate with partners across the business (Finance, Accounting, Internal Controls, Engineering, etc.) to track remediation of ITGC and security control gaps.
• Conduct self-assessments/audits to confirm Squarespace’s adherence to internal policies, compliance goals, and industry best practices.
• Help support external audits of our SOX and PCI control environments
• Perform detailed ITGC testing for in scope SOX systems. Document and communicate findings with the GRC team and, where necessary, process owners.
• Assist with security and enterprise risk assessments across the organization.
• Partner with Security Engineering to formally document security policies (outside the scope of ITGC policies) and procedures.
• Conduct vendor security risk assessments for any third-party SaaS software solutions being considered for use. Provide feedback to the key stakeholders based on the assessment and a recommendation to move forward or disengage.
• Grow and establish the GRC function at Squarespace through collaboration with Engineering teams and cross functional partnerships with Finance, Accounting, Legal, CustOps, Product, and Strategy.
• Track project status and communicate road blocks with proposed solutions.

Qualifications:

• 2+ years relevant experience in an IT audit/compliance/risk management role
• Experience with IT controls implementation in the context of SOX and SOC 2/3
• Experience working in a full Linux environment, Git, and CI/CD
• Eager to learn from more seasoned GRC and Security Engineering professionals
• PCI controls implementation & SAQ experience is a plus
• Experience identifying, tracking, reporting and remediating IT procedural and technical risk
• Working knowledge of web-based technologies and cloud environments is a plus
• Big-4 is preferred
• CISA certification (or at a minimum, successful completion of the CISA examination) is strongly preferred

Perks:

• Health insurance with 100% premium covered
• Flexible vacation & paid time off
• Equity plan
• 401(k) plan with employer match
• Free lunch and snacks
• Dog-friendly workplace

Today, more than a million people around the globe use Squarespace to share different perspectives and experiences with the world. Not only do we embrace and celebrate the diversity of our customer base, but we also work towards the same in our employees. At Squarespace, we are committed to equal employment