GRC Manager at Frame.io
We take security seriously, both internally and externally. Keep us compliant and expand our program to keep up with our growing customer base.
Frame.io is changing the future of how videos are made by helping over 1 million creative professionals seamlessly collaborate from all over the world.
We’re backed by Accel, SignalFire, FirstMark, Jared Leto, and a host of other amazing investors. Our market-leading product is used and loved by companies such as Turner, Disney, NASA, Snapchat, BBC, BuzzFeed, TED, Adobe, Udemy, and many more.
We’re in an exciting period of growth and are always seeking extremely talented and passionate individuals who share our vision for helping visual content creators produce their best work.
About the Role
We’re looking for a compliance and risk specialist to own and manage our InfoSec compliance program. This is a hands-on role where you’ll be interfacing directly with our customers and our internal security team. In this role, you’ll have an opportunity to make a significant impact by expanding our compliance program beyond SOC 2, GDPR, CCPA, and TPN compliance and scaling up our compliance efforts as our customer base grows.
- Extensive experience in managing and leading a security and compliance program.
- Broad familiarity with compliance frameworks such as SOC 2, ISO27001, HIPAA, and PCI
- Experience with privacy laws and compliance frameworks such as GDPR and CCPA.
- Experience in building internal audit and compliance teams.
- Previous experience working in a SaaS software or hosted infrastructure environment
- Strong experience in performing risk assessments (product, vendors, etc.)
- Experience interfacing with enterprise customers in a compliance role
- Excellent knowledge of reporting procedures and record keeping
- Excellent communication skills
- Strong organizational skills and attention to detail
- Execute, maintain and expand our information security compliance program: mature our processes for managing security and compliance policies
- Own compliance policies and processes for data security and privacy (such as SOC2, GDPR, ISO27001, and potentially more)
- Develop and oversee control systems to prevent or deal with violations of legal guidelines and internal policies
- Evaluate the efficiency of controls and improve them continuously
- Revise procedures, reports, etc. periodically to identify hidden risks or non-conformity issues
- Draft, modify and implement company policies
- Interface with customers and sales prospects to address pre-sales security and compliance questionnaires and attract customers by maintaining modern compliance programs
- Manage customer and internal audits
- Work with external auditors and coordinate audits internally
- Manage proactive customer communication regarding security issues.
- Perform vendor risk assessments before and after onboarding new vendors
- Design and monitor controls and address violations and gaps
- Assess the business’s future ventures to identify possible compliance risks
- Coordinate compliance work streams across all functional areas of Frame.io
- Competitive salary and equity
- Paid parental leave for primary or secondary caregivers
- Unlimited PTO and designated Volunteering paid time off
- Yearly stipend for learning and development
- Medical, Dental, Vision Insurance and OneMedical membership
- Flexible Spending Account
- Monthly Work from Home Stipend
- 1 paid company-wide holiday for each month in the calendar year
- All-company week-long winter and summer breaks
Our philosophy is simple. At Frame.io, we believe that working with people of different backgrounds and perspectives allows us to elevate each other and helps us build a better product for our users.
We’re proud to be an equal opportunity employer, and are committed to providing all employees with a work environment that celebrates individuality and remains free from any form of discrimination and harassment. We base our employment decisions on the needs of our business, job requirements, and applicants' qualifications. In other words, we only care that you’re the best person for the job.