GRC Lead

About The Position

Requirements

• You hold comprehensive knowledge of third party and information technology risk management processes and methodologies
• You have deep experience assessing contracts for technical risk, including master service agreements, statements of work, data protection agreements and license agreements. You’re experienced collaborating with cross-functional partners including Finance and Legal on these assessments
• You are able to thrive in a fast-paced and ambiguous environment, naturally curious and proactive self-starter, constantly on the lookout for new opportunities and solutions
• You maintain a deep technical understanding and can use this knowledge to bridge gaps between technical and non-technical parts of the organization.
• You’re an owner, have excellent problem-solving skills and can prioritize tasks effectively, with a strong attention to detail
• You are detail-oriented and proactive, you thrive as a self-starter and excel in managing multiple projects simultaneously
• You’ve worked to achieve and/or maintain compliance with regulatory frameworks including NIST, CIS, HIPAA, and/or SOC2
• You're a skilled written and verbal communicator and have the ability to absorb and distill complexity into simple terms to drive decision making
• You love dogs.

Responsibilities

• Develop and mature processes for risk identification and prioritization, control assessment, testing and issue management
• Continuously assess risks for new and existing vendors using defined process and philosophy while looking for ways to iterate
• Lead TFD to achieve and maintain ongoing compliance with standard regulatory frameworks
• Oversee cybersecurity-focused audits and maturity assessments to assess and validate controls and adherence to policy and regulation
• Own and maintain TFD’s risk register to track and prioritize business risk
• Collaborate cross-functionally to understand, assess, and inform the organization about risks, generating evidence of remediation
• Communicate and educate on risk to stakeholders at all levels, define a cadence and structure to maintain consistency of risk communication
• Execute Business Continuity Planning (BCP) tasks, including Business Impact Analysis (BIA), and Incident Response planning

Benefits

• Dog-friendly office in SoHo
• Market-competitive compensation and equity packages
• Comprehensive Healthcare, Dental, and Vision
• Company supported mental health benefits
• 12 week paid parental leave
• Competitive 401k plan with company match
• Flexible PTO
• Discounted fresh food for your pup
• Your pet interrupting video calls (and in-person meetings) is now a feature, not a bug