We are seeking a GRC (Governance, Risk, and Compliance) specialist to join our security team. This is a fantastic opportunity to be part of a growing team and support the company as it grows and matures. If you're a team player, self-driven, a creative thinker, passionate about cybersecurity, and capable of blending a process-oriented mindset with a tech-oriented outlook, we are looking for you!
As a GRC specialist at Riverside.fm, you will:
- Maintain the company certification program including ISO 27001, SOC 2 Type 2 and other security standards.
- Ensure company policies, procedures, and controls are aligned with regulatory requirements and industry standards.
- Manage the company's third party security process.
- Work closely with our Sales and Customer Success departments to respond to customer security questionnaires and address any security-related inquiries.
- Maintain internal and external trust platforms, supporting ongoing customer due diligence activities including audits, questionnaires, and reviewing security contractual requirements.
- Provide security awareness training to company employees, provide training and guidance to sales teams on compliance-related matters, and develop tools and resources that enable the sales team to respond efficiently to compliance inquiries from prospective and existing customers.
- Collaborate with cross-functional teams to support and enhance the overall GRC program.
- Proactively gather customer feedback and stay abreast of industry trends to adapt and mature the GRC program accordingly.
- Implement improvements and updates to the program based on regulatory changes and customer requirements.
- Participate in risk assessment and risk management processes.
- Minimum 2 years of experience as a cybersecurity / GRC specialist, expert, or consultant
- Strong knowledge and hands-on experience with ISO 27001 and SOC 2 Type II
- Familiarity with additional security frameworks as well as privacy regulations and standards (NIST, CSA, CAIQ, SIG, GDPR, CCPA, ISO 27701) is an advantage.
- An excellent ability to communicate verbally and in writing
- Ability to work on multiple projects simultaneously
- Project management skills
- Self-driven and fast learner with a can-do approach
- Passionate about the team and responsibilities
- Experience auditing cloud environments
- Experience working with regulators and auditors
- Experience working with GRC tools