Ethos was built to make it faster and easier to get life insurance for the next million families. Our approach blends industry expertise, technology, and the human touch to find you the right policy to protect your loved ones. Using predictive analytics, we are able to transform a traditionally multi-week process into a modern digital experience for our users that can take just minutes!
Our investors include General Catalyst, Sequoia Capital, Accel Partners, Google Ventures, SoftBank, and the investment vehicles of Jay-Z, Kevin Durant, and Robert Downey Jr. We are listed in Forbes’ Top 50 Fintechs of 2020. For exciting news about our growth, check out "Life-Insurance Startup Ethos Valued at More Than $2.7 Billion". We are scaling quickly and looking for passionate people to protect the next million families!
About the Role
The trust and safety pod is responsible for safeguarding Ethos information assets, managing technology compliance, and ensuring the trust, privacy, and safety of Ethos customers and employees. As the first member of the Governance, Risk Management, and Compliance team within trust and safety, you have a great opportunity to shape the security vision for compliance, governance, and privacy for the organization and drive innovation throughout relevant processes, technology solutions, and people. You will work with interesting and challenging use cases, technologies, and processes; define and implement predictive compliance controls; and drive automation/efficiencies in privacy processes, 3rd party risk management, and regulatory, industry, and partner compliance activities. You will wear many hats, from advisor to doer, and everything in between.
Duties and Responsibilities
- Execute, maintain, and improve the technology governance and compliance program, with a focus on automation, control right-sizing, and proactive compliance monitoring/enforcement, e.g., leading rather than lagging compliance controls
- Own compliance processes for cyber security and privacy (e.g., SOC2, CCPA, ISO27001, SOX-404) and drive compliance activities, such as SOC2 control operations and testing, 3rd party risk assessments, etc.
- Partner with the finance and audit team to define and implement effective, yet practical ITGCs for in-scope environments
- Lead and/or coordinate partner and internal/external audits across all Ethos functional areas
- Partner with the Legal team to implement and streamline privacy processes and controls
- Build and lead a GRC team
- Select, implement, and manage GRC solutions for the organization
Qualifications and Skills:
- Strong communicator who can lead both technical and operational/business discussions and help drive technical, governance, and compliance decisions
- At least 8 years of proven experience in the GRC, internal audit, security, and/or privacy space, with significant experience in performing, running, and executing audits, certification programs, and control assessments, including but not limited to, scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risks and socializing results
- Ability to establish credibility and build trust across the organization, particularly with engineers, product managers, and G&A functions; you are confident without the ego
- Hands-on experience with technology control frameworks, from NIST to SSAE18 and HIPAA, HITRUST, privacy regulations, e.g., GLBA, CCPA, GDPR, and understanding the operational concerns and opportunities associated with these frameworks and regulations
- Excellent understanding of cloud-based B2C environments and the associated technologies and security controls
- Passionate about learning new things – while you’re not expected to know everything you will face, it is expected that you will learn new things when appropriate
- Desire and/or ability to write automation scripts to increase operational efficiency and effectiveness of compliance and privacy controls
- Ability to see the big picture, yet recognize the importance of details and make sure the t’s are crossed and i's are dotted
- Broad industry experience, inclusive of Big 4 and in-house compliance/oversight roles is a significant plus
Everyone is welcome at Ethos. We are an equal opportunity employer who values diversity and inclusion and look for applicants who understand, embrace and thrive in a multicultural world. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Pursuant to the SF Fair Chance Ordinance, we will consider employment for qualified applicants with arrests and conviction records.