Senior Security Advisor, Governance Risk & Compliance (GRC)

What you will do:

• Maintain security policies, procedures, standards, checklists, and other necessary documentation.
• Conduct gap assessments and implement/mature security processes and controls in line with industry frameworks and regulations.
• Conduct comprehensive risk assessments, including technical security risks, threat modeling, and compliance evaluations. Develop and implement mitigation strategies to address identified risks.
• Utilize advanced technical knowledge to identify, analyze, and mitigate security risks, focusing on both existing and emerging threats.
• Perform periodic due diligence and risk assessment for Vendors, Sub-Processors. 
• Own the compliance monitoring program for security controls. Communicate with and present to Senior Management on progress and testing results.
• Manage external compliance audits and other reviews, working with audit firms and internal parties.
• Respond to customer due diligence requests; Attend customer calls (if required) and work closely with customer-facing teams on security-related matters.
• Develop and deliver cybersecurity training and awareness programs to educate employees on security best practices and compliance.
• Track compliance requirements and contractual obligations related to security.
• Monitor and track relevant metrics for the security program's effectiveness.
• Work closely with all engineering and product teams to ensure consistent and practical implementation of requirements for the Ocrolus infrastructure.
• Keep abreast of best practices, framework changes, and new regulations to identify key risk areas further and analyze their applicability to Ocrolus.
• Help develop technology solutions to support the various compliance programs.
• Showcase a robust understanding of cloud services and related technologies, contributing to a secure cloud environment.

What you will bring:

• 5-8 years of working experience in a GRC role. 
• Excellent understanding of regulatory compliance requirements 
• Experience in evaluating and implementing SOC 2, ISO 27001, and PCI DSS.
• Experience documenting policies and procedures, attention to detail, and analytical skills.
• Experience in risk assessment methodologies, tools, and technical risk assessments.
• Practical experience or a solid conceptual understanding of the AWS cloud platform to define controls for cloud environments and recommend best practices. (Certification is a plus)
• Experience in implementing security controls to address requirements of privacy regulations, including GDPR, CCPA, and other international regulations
• Experience in developing test plans, testing security controls, internal audit
• Experience in handling & managing external audits and auditors.
• Ability to communicate with various stakeholders effectively across the organization.
• Ability to prioritize identified areas for improvement and propose practical solutions. 
• Ability to work in a remote environment with teams in India and in the United States.
• Excellent verbal and written communication skills (in English).
• Desire to continuously seek and update technical security skills as required for the job.
• Being Proactive and able to work with little direct supervision.

Additionally (a great plus)

• Security certifications such as CISSP, CRISC, and AWS certifications.
• Knowledge of Financial Services domain (Mortgage, Lending, etc..)