Governance, Risk & Compliance (GRC) Manager at Litmus Automation

Qualifications 

• We're looking for a self-motivated individual who thrives in fast-paced environments, can seamlessly drive efforts with multiple stakeholders to accomplish bold things, has demonstrable experience in GRC and is comfortable working across the breadth and depth of a large, multi-cloud security compliance program 
• Minimum 5 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of 7-10 years of total work experience 
• Knowledge of multiple regulatory compliance frameworks (NIST CSF, ISO27001, SOC, GxP, GMP etc.) 

• Deep understanding of frameworks, attestations and certifications 
• Considerable hands on experience with various compliance, preferably for a service provider and/or merchant 
• Ability to prioritize and track multiple projects in parallel 
• Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc 
• Comfortable working with both deeply technical and non-technical audiences 

• Experience in security related analysis, creating metrics and dashboards and summarizing large data sets 
• Experience in Managing modern compliance tools like Drata 
• Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) 

Responsibilities  

• Help company successfully achieve various required compliances. 
• Maintain Drata compliance management system 
• Maintain & monitor compliance with the information security policies and procedures 

• Proactively manage the company’s ISO 27001 Information Security Management System ensuring continual compliance and ongoing eligibility for annual recertification 
• Recommend changes/enhancements to the company’s policies/procedures based upon the evolving landscape 
• Develop and manage the firm's vendor risk quantification & management program 
• Manage & improve process to respond to client audit and related requests in a timely manner 
• Oversee third party technical risk assessments and related audit activity 

• Serve as a subject matter expert for information security risk management principles and practices. 
• Perform internal technical risk assessments/audits 
• Produce and maintain information security documentation including, but not limited to policies, procedures, standards, guidelines and diagrams 
• Proactively assesses potential items of risk and opportunities 
• Promote a culture of information security across all business units 

• Understand the role of systems and technology within the firm and the value they deliver to the business 
• Oversee readiness for external audits