Risk and Compliance Manager
The Job
Data loss can be devastating. Whether it’s caused by human error, bad code, rogue integrations, or malicious intent, all companies are at risk. OwnBackup is the #1 data backup, archiving, and sandbox seeding app on the Salesforce AppExchange. With over 2,000 customers, we are ranked #25 on Financial Times’ list of America’s fastest growing companies, and have raised $100 million in venture funding.
As part of the Chief Information Security Officer (CISO) organization, the individual will measure the design, operating effectiveness, and efficiency of the security, quality, risk management, and compliance programs. The role works with the CISO and other departments toward a common goal of increased maturity, and continues to support the departments’ goals for security and compliance at scale and efficiently. The program’s scope includes Cybersecurity, Business Continuity, Disaster Recovery, and designated controls in Physical Security, Vendor Management, HR, IT, Quality, and Enterprise Risk.
Build and maintain the cybersecurity control library, composed of global and regional controls aligned with the NIST Cybersecurity Framework, ISO 27001, and SSAE-18 principles. The person in this position will be responsible for building and enhancing the Governance, Risk, and Compliance portfolio of efforts to raise the overall security and compliance posture. The individual will have previously led and managed risk and compliance programs and can drive tactical and strategic objectives with minimal oversight.
Your Day-to-Day Role
- Establish and maintain up-to-date, easy-to-understand, referenceable, and usable information security, compliance, and risk policies and plans that comply with our applicable frameworks and regulations, including but not limited to SOC 2, ISO 27001, and NIST.
- Manage the preparations for, and facilitate, the external SOC 2 and ISO 27001 audits, leading to predictable and favorable outcomes.
- Find practical solutions to standardize and scale associated frameworks and activities.
- Oversee vendor due diligence, quality, and risk management programs, meetings, processes, and evidence for audit.
- Coordinate audit-related tasks working with IT and business/system managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.
- Inform and influence the development and product organizations to follow security-related requirements and best practices.
- Manage the organizational risk register, create department metrics dashboards, manage risk assessments, and quantify and qualify risks for prioritization.
Your Work Experience
- 5+ years of relevant work experience.
- Experience with hands-on management of SOC 2 and ISO 27001 efforts.
- Experience writing policies and procedure documents.
- Experience implementing, or a desire to implement, a quality program.
- Understanding of qualitative vs. quantitative risk management and reporting strategies.
- Familiarity with B2B SaaS environments.
- Strong project management, meeting/call management skills.
- Excellent communication skills.
- Ability to work well in cross-functional teams, including software engineers, legal, marketing, account management, and sales operations.
- Desire to pitch in and help where needed in a fast-growing startup.
Important Details
This is a full-time position with an opportunity to be remote for the right candidate.
Here at OwnBackup, culture is as important as results, and a key part of our culture is our differences. As we scale to help all types of companies protect precious data, our team must reflect the diversity we serve. OwnBackup is an Equal Opportunity Employer and we believe that every employee in the company brings a unique perspective that they can and should contribute in order to make an impact every day. We strive to be one team, one culture, and one family that builds trust through transparency. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, protected veteran status or disability status. OwnBackup will consider qualified applicants with criminal histories in a manner consistent with applicable law.