Risk and Compliance Manager
The Job
Data loss can be devastating. Whether it’s caused by human error, bad code, rogue integrations, or malicious intent, all companies are at risk. That’s why so many companies choose OwnBackup, the #1 cloud data protection platform on the Salesforce AppExchange and global leader in SaaS data protection. With nearly 4,000 customers, we are ranked on the Forbes Cloud 100 as one of the world's top private cloud companies and have raised nearly $500 million in funding from AIkeon Capital, B Capital Group, BlackRock Private Equity Partners, Insight Partners and others.
We are looking for a Risk & Compliance Manager to lead and support day-to-day operations by identifying potential areas of cybersecurity compliance risks and ensuring appropriate escalation internally. The Risk & Compliance Manager will also own risk and compliance requirements in alignment with our business strategy and deployment of our core products and services to customers. This role will report directly to the Director of Risk & Compliance.
Your Day-to-Day Role
- Manage company compliance with SOC 2 and ISO audit requirements; ensure compliance with all other relevant certifications required, in alignment with the business strategy, to support the delivery of our core products and services.
- Lead information security audits and assessments, manage relevant regulatory requirements, assist in the development of management responses, track, and monitor full-cycle remediation.
- Communicate emerging issues, potential risks, and audit results to key stakeholders; assist in the review and formulate responses to issues and findings from all sources.
- Conduct an analysis of internal policies, guidelines, procedures, and processes to evaluate the accuracy and adequacy of internal controls, operations, and reporting in the area of information security programs and processes impacting regulatory compliance requirements as needed.
- Collaborate with internal technical and non-technical teams to continuously evaluate the effectiveness of security controls, identify and categorize risks, provide improvement recommendations, and communicate outcomes of those activities.
- Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with security policies and best practices.
- Contribute to the development of security policies and standards.
- Gather and create artifacts related to the evaluation of security controls described above, as well as other evidence of adherence to privacy and security controls.
- Provide customer audit support; serve as point of contact for other security and compliance assessments and questions for prospective customers.
- Participate in risk assessment, strategic planning and continuous improvement of the Organization’s risk and compliance program.
- Assist in the development of metrics and reporting that provide management visibility into the current cyber risk, compliance posture and trends.
Your Work Experience
- Bachelor's Degree in Computer Science, Information Technology or other relevant fields
- 5+ years of Cyber Risk working experience. Prior information security consulting experience preferred.
- Well-versed with Technologies and continuous compliance requirements for SOC, ISO, NIST, CIS, CCPA, GDPR, GxP/GmP and others.
- Experience in FedRAMP, French HDS, Australian IRAP, and other international regulatory compliance for privacy and cybersecurity is a plus.
- Must have strong experience with enterprise compliance enforcement, defining and driving related programs and performing risk assessments.
- Expertise working with risks and internal controls
- CISA or other certifications preferred (CPA, CISSP, CIA, CISM, etc.)
- Experience using GRC and/or document management tools, particularly ZenGRC is a plus
- Ability to build and develop strong relationships
- Strong leadership skills with the ability to foster an environment of collaboration and excellence
- Effective verbal and written communication, and presentation skills including comfort with executive audiences
- Strong attention to detail with the ability to think from a “big picture” perspective
Important Details
This is a full-time position. The ideal candidate will work out of our New Jersey office to maximize collaboration and interaction with the business.
OwnBackup is dedicated to creating an environment where employees thrive. It’s why we provide every employee with unlimited PTO, generous medical benefits, and a 401(k) savings plan. We also offer catered lunches in the office five days a week, a full fitness center, and free shuttle bus service to and from New York City.
New employees also have the opportunity to attend our award-winning new hire bootcamp, which customizes the onboarding experience by role, provides new employees with invaluable hands-on training within their first few weeks at the company, and gives employees the chance to meet their new colleagues in-person.
Creating an environment where employees thrive also means making sure every employee feels accepted. As we scale to help all types of companies protect precious data, our team must reflect the diversity we serve. OwnBackup is an Equal Opportunity Employer and we believe that every employee in the company brings a unique perspective that they can and should contribute in order to make an impact every day. We strive to be one team, one culture, and one family that builds trust through transparency. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, protected veteran status or disability status.
A Bit About Us
Have a look at our website and read through the AppExchange reviews to get to know OwnBackup a little better. Founded in 2015, OwnBackup is backed by top-tier venture capital firms and has experienced 100% year-over-year growth, establishing early market dominance in a Salesforce ecosystem that includes over 150,000 customers. And while we’ve experienced tremendous growth providing backup and recovery solutions for Salesforce customers, we are now offering our world-class data protection solution across other clouds, like Microsoft Dynamics 365. At OwnBackup, our vision is to empower customers to own and protect their data on any cloud platform.