At BetterUp, we give people the coaching, support, and push they need to reach peak performance and unlock their limitless potential, in all they do, personally and professionally. We work with world-class experts and Coaches, pioneer innovative technology, and foster human touch at scale to fuel the BetterUp experience, and make growth and development achievable for all. We believe that strong mental fitness is a never-ending practice of maintaining and building the strengths that precede health, happiness, and success.
And we’re looking to build out a diverse and ambitious team of go-getters to join us as we grow. Exciting opportunities lie ahead, as well as work that makes a real difference — not only in the lives of others, but for your own personal and professional growth, too. Join us as we continue to bring BetterUp to more people everywhere, and create impactful change for our members and for you.
BetterUp is looking for an Information Security Sr. Manager, Governance, Risk and Compliance (GRC) to grow our Federal and Commercial GRC program. As the Sr. Mgr. – GRC you will ensure that our internal customers have the best experience possible as consumers of security services within BetterUp. You will define and automate processes, ensuring our GRC service is best in class. You will work closely with the Head of Information Security, Product, Engineering, Customer Support, and third-party vendors to mature our Information Security practices over time. You’ll partner and work with every employee at BetterUp!
What you'll do:
- Build and maintain best-in-class GRC services for FedRAMP and CMMC compliance.
- Maintain compliance and the Authorization to Operate (ATO) for our FedRAMP environment, including performing periodic self-assessments and updating associated documentation such as the SSP, POA&M, SAP, RAR, etc.
- Maintain and operate our Information Security Awareness Campaigns and role-based training programs for employees.
- Maintain and operate our Supplier Security Assessment Program, covering vendors and third parties such as customer care staffing suppliers and software providers; this does not include our coaches.
- Respond to security questionnaires from our external customers and maintain our standard responses to them.
- Manage Information Security initiatives and related internal and external security documentation, as needed.
- Follow industry-standard security best practices to keep employee data and BetterUp intellectual property safe and secure.
- Collaborate with various teams including Security Operations, Privacy, and Legal, as required.
- Work closely with third-party vendors across all systems to remediate identified risks.
- Monitor employee compliance with security policies to make sure private data stays private, partnering with the Director of Privacy and Head of Information Security on these initiatives as needed.
- Oversee security projects in alignment with organizational goals.
If you have any of the following, please apply:
- 8+ years of progressively responsible GRC experience in fast-moving environments such as start-ups.
- 3+ years of progressive responsibility for achieving and maintaining compliance for federal SaaS systems under at least one of: FedRAMP, FISMA, HIPAA, CMS, or DISA.
- 3+ years of progressive responsibility implementing FedRAMP, NIST SP 800-53, NIST SP 800-171 and CMMC requirements for a SaaS system or company.
- 3+ years creating and maintaining the System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Assessment Plan (SAP), Information Security Risk Assessment (ISRA), Interconnection Security Agreement (ISA), etc.
- 3+ years in security/GRC in a 100% cloud/SaaS environment that uses AWS, GitHub, Google and Salesforce.
- 3+ years of hands-on experience managing Third Party Assessment Organization (3PAO) assessments and federal ATOs.
- Experience managing laptops and mobile devices in OS X and Windows environments.
- Excellent customer service, problem-solving, and verbal and written communication skills are a must.
- History of project-managing company-wide rollouts of new technology and security operations.
- Vendor management experience.
- Ability to lift 20 pounds and configure under-desk cables as needed, including frequent bending, reaching, kneeling, and climbing stairs.
Preferred Additional Experience:
- 5+ years of progressive experience at a leading consulting or audit firm is highly desirable.
- Experience managing security resources and budgets, and performing return-on-investment analysis.
- Experience enabling a Zero Trust framework is a plus.
At BetterUp, we are committed to living out our mission every day and that starts with providing benefits that allow our employees to care for themselves, support their families, and give back to their community.
- Access to BetterUp coaching; one for you and one for a friend or family member
- A competitive compensation plan with opportunity for advancement
- Medical, dental and vision insurance
- Flexible paid time off
- Per year:
  - All federal/statutory holidays observed
  - 4 BetterUp Inner Work days (https://www.betterup.co/inner-work)
  - 5 Volunteer Days to give back
  - Learning and Development stipend
  - Holiday charitable contribution of your choice on behalf of BetterUp
- 401(k) (self-contribution)
We are dedicated to building diverse teams that fuel an authentic workplace and sense of belonging for each and every employee. We know applying for a job can be intimidating, so please don’t hesitate to reach out; we encourage everyone interested in joining us to apply.
BetterUp Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, disability, genetics, gender, sexual orientation, age, marital status, or veteran status. In addition to federal law requirements, BetterUp Inc. complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.