GRC Solutions Lead
Who we are:
- We showcased the importance of making security tooling more usable by demoing our OWASP ZAP contributions at
- We discussed our overall approach to our security engineering program at
- Our CISO’s approach to
- We !
- We help organize the , the , , and conferences
What we do:
- We are the Governance, Risk, and Compliance (GRC) team within the overall Security Organization, and we deliver compliance, privacy and risk projects that have a positive business impact at Segment.
- We help assess and manage internal and third-party risk to Segment and to our customers.
- We set ambitious goals for ourselves, and we hold ourselves and each other to high standards.
Who we are looking for:
- You’ve performed internal and third-party risk assessments and can clearly articulate risk to internal stakeholders.
- You’re comfortable developing and enhancing processes related to third-party risk that allow for efficient and effective evaluation of business partners.
- You’ve successfully built effective program-monitoring by reporting key risk and compliance metrics (ideally within a GRC system).
- You’ve worked with internal and external teams to coordinate, execute, and deliver on complex customer requests or vendor assessments.
- You’ve worked extensively with compliance frameworks and developed a scalable and repeatable approach to perform audits across various frameworks efficiently.
- You’ve figured out how to spend less time doing this work each year, and you’re already thinking about automation.
- You’re a capable subject-matter expert in security and you understand how to put together controls to meet a security requirement.
- You have a high-level understanding of how cloud infrastructure works.
- You have strong organizational and prioritization skills and can get challenging projects across the finish line.
Projects We’re Currently Working On:
- We are implementing multiple GRC processes to scale (and automate) aspects of a maturing GRC program.
- We are constantly evaluating and raising the security and privacy bar to exceed customer expectations.
- 4+ years of experience working within technology governance and risk management, including third-party risk, regulatory requirements, and program frameworks.
- Familiar with risk frameworks including NIST 800-37, ISO 27005, or FAIR, and able to think about risk in both quantitative and qualitative models.
- Familiar with building and maintaining a common control framework in alignment with multiple compliance frameworks, including SSAE 18, ISO 27001, FedRAMP and HIPAA.
- Successfully built a GRC program, complete with a roadmap that illustrates where you want to take your program, and you’re excited to do it again for a startup.
- Top-notch communication skills, and comfortable sharing our contributions with the rest of the company.
- (Bonus) You have a degree in Computer Science or like to code.
Segment is an equal opportunity employer. We believe that everyone should receive equal consideration and treatment. Recruitment, hiring, placements, transfers, and promotions will happen based on qualifications for the positions being filled regardless of sex, gender identity, race, religious creed, color, national origin, ancestry, age, physical disability, pregnancy, mental disability, or medical condition.