Governance, Risk and Compliance Program Manager at LeafLink
LeafLink is the regulated cannabis industry's largest wholesale marketplace, providing licensed dispensaries the ability to order from their favorite brands, as well as a suite of software tools for those brands to manage and scale their operations.
With thousands of retailers and thousands of brands across 26 territories in the US and Canada, we are setting the industry standard for how cannabis businesses grow together. LeafLink annually processes and manages more than $1 billion in wholesale cannabis orders - you can learn more about our history and path to $1B here http://firstbillion.leaflink.com/.
Our team, backed by funding from leading VC's, including Thrive Capital and Lerer Hippeau is poised to define the cannabis supply chain through technology. LeafLink was named one of Built In NYC's 'Best Places to Work in 2021', as well as one of Fast Company's 'Top 10 Most Innovative Companies in Enterprise for 2020', joining the ranks of Amazon, Slack, and VMWare - and we're just getting started!
At LeafLink, we work hard to earn our users’ trust every day. Gaining & retaining this trust is critically important to LeafLink’s success. LeafLink is seeking an experienced Governance, Risk and Compliance (GRC) Program Manager to join our fast-growing team, reporting directly to the Head of Enterprise Risk & Compliance. In this role, you will be involved in the development, implementation, and ongoing management of LeafLink Inc.’s GRC Program.
The Enterprise Risk and Compliance (ERC) team is responsible for maintaining a strong culture of compliance throughout the LeafLink organization. The ERC team is responsible for a variety of Risk and Compliance Programs, including but not limited to: Policy Management, Risk Assessment, Business Continuity/Disaster Recovery, Third Party Vendor Risk, etc.
The GRC Program Manager will help develop and implement LeafLink’s technology and vendor risk programs to ensure we are following the policies and regulations that impact our innovative projects. This role aligns the best practices of program management with GRC subject matter expertise, while also requiring the ability to influence, partner, and strategically think to scale the organization. The person filling this role should be comfortable developing a GRC program in collaboration with a wide breadth of key stakeholders. The individual for this role should have a focus on scalable operations, innovation to challenge the status quo. The individual should be a force multiplier for the team working cross-functionally to deliver commitments, such as SOC2 certification.Responsibilities
- Lead the Governance, Risk, & Compliance (GRC) function within the Enterprise Risk and Compliance group and help to design, implement, and continuously improve programs to address key company risks and prepare internal teams for independent assessments against regulatory and compliance frameworks
- Guide LeafLink to solve complex, cross-functional challenges related to compliance programs such as: SOC 2, BCP, DR and more
- Support the Head of Enterprise Risk & Compliance in driving & scaling global compliance programs while leading ongoing risk and compliance initiatives and monitoring control effectiveness
- Establish the development of GRC governance models, programs, and procedures and support the implementation of controls for conducting audits to enable the tracking, measurement, reporting and evaluation of the design and effectiveness of controls across our portfolio
- Champion compliance initiatives by building deep, collaborative relationships with cross-functional leaders throughout the organization and review new risks and controls requirements arising from new business lines, technology implementations and transformation efforts
- Support the development and implementation of a comprehensive GRC tool
- Develop talent and build training programs to grow team members and foster a strong controls culture
- 8-10 years of experience implementing and managing compliance programs for a SAAS, Marketplace or Fintech company
- Ability to build and cultivate strong relationships and be seen as a valued business partner
- Capable of working with teams and commit to deadlines, fostering a positive work environment; Strong team player, capable of dealing with complex issues IT infrastructure and applications
- Exhibits proven ability to influence, communicate, collaborate and present
- Demonstrates strong knowledge of security risk identification, analysis, assessment, and mitigation within business
- Knowledge and experience in IT, security, and cloud or technical operations processes such as SOX IT, PCI, FFIEC, SOC 2, CIS CSC, NIST, and ISO principles
- Demonstrates detailed knowledge in specific areas of cybersecurity, information security, risk assessments, IT general controls and cloud controls
- Ability to set strategy and plan ahead for upcoming audit tasks and works internally to ensure key tasks are scheduled timely
- Ability to actively manage competing deliverables to meet business commitments and partners' expectations
- Flexible PTO to give our employees a little extra R&R when they need it
- Competitive compensation and 401k
- Comprehensive health coverage (medical, dental, vision)
- Commuter Benefits through a Flexible Spending Account
- A robust stock option plan to give our employees a direct stake in LeafLink’s success