Governance, Risk & Compliance Manager
Hybrid
Full Time
#Engineering
#GRC
#Security Compliance
#Risk Management
#ISO 27001
#NIST CSF
#SOC
Who is Litmus
Litmus is a growth-stage software company that is transforming the way companies harness the power of machine data to improve operations. Our software is enabling the next wave of digital transformation for the biggest and most innovative companies in the World – making Industrial IoT, Industry 4.0 and Edge Computing a reality. We just completed our Series B financing round, and we are looking to expand our team.
Why join the Litmus team
You want to be a part of something great
We pride ourselves on building the most talented and experienced team in the industry who knows how to win. We work hard and the results speak for themselves. We’re trusted by industry leaders like Google, Dell, Intel, Mitsubishi, Hewlett-Packard Enterprise and others as we partner to help Fortune 500 companies digitally transform.
You want to define and shape the future
At Litmus you’ll have the opportunity to influence and enable Industrial Internet of Things, the next wave of technology essential for global digitization. We’re leading the industry in machine data analytics and edge computing to feed machine learning, artificial intelligence and other applications that rapidly change the way companies operate.
You want to build and shape your career
Join a growth-stage Silicon Valley company to build and define your career path in an environment that allows you to progress rapidly. Bring your unique experience, talent and expertise and add to it by collaborating with and learning from the brightest people in the industry.
We are committed to hiring great people who are passionate about what they do and thrive on winning as a team. We welcome anyone and everyone who wishes to join the Litmus marketing team to apply and share their career experience, dreams and goals with us.
Qualifications
- We're looking for a self-motivated individual who thrives in fast-paced environments, can seamlessly drive efforts with multiple stakeholders to accomplish bold things, has demonstrable experience in GRC and is comfortable working across the breadth and depth of a large, multi-cloud security compliance program
- Minimum 5 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of 7-10 years of total work experience
- Knowledge of multiple regulatory compliance frameworks (NIST CSF, ISO27001, SOC, GxP, GMP etc.)
- Deep understanding of frameworks, attestations and certifications
- Considerable hands on experience with various compliance, preferably for a service provider and/or merchant
- Ability to prioritize and track multiple projects in parallel
- Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc
- Comfortable working with both deeply technical and non-technical audiences
- Experience in security related analysis, creating metrics and dashboards and summarizing large data sets
- Experience in Managing modern compliance tools like Drata
- Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)
Responsibilities
- Help company successfully achieve various required compliances.
- Maintain Drata compliance management system
- Maintain & monitor compliance with the information security policies and procedures
- Proactively manage the company’s ISO 27001 Information Security Management System ensuring continual compliance and ongoing eligibility for annual recertification
- Recommend changes/enhancements to the company’s policies/procedures based upon the evolving landscape
- Develop and manage the firm's vendor risk quantification & management program
- Manage & improve process to respond to client audit and related requests in a timely manner
- Oversee third party technical risk assessments and related audit activity
- Serve as a subject matter expert for information security risk management principles and practices.
- Perform internal technical risk assessments/audits
- Produce and maintain information security documentation including, but not limited to policies, procedures, standards, guidelines and diagrams
- Proactively assesses potential items of risk and opportunities
- Promote a culture of information security across all business units
- Understand the role of systems and technology within the firm and the value they deliver to the business
- Oversee readiness for external audits
Find us at www.litmus.io
