SevenRooms is a guest experience platform that helps hospitality operators connect data across the guest journey. We enable operators to automatically drive revenue & profitability by leveraging data to build direct relationships, deliver exceptional experiences, and increase repeat business. Founded in 2011, SevenRooms is venture-backed by Amazon, Comcast Ventures and Providence Strategic Growth. We were included on Inc.’s annual Best Workplaces & Forbes’ Best Startup Employers lists in 2020.
About the Role
The SevenRooms Security and Compliance team is expanding and building a leading technology risk management practice to transform our IT compliance posture and information security capabilities. We’re seeking a highly motivated and experienced Senior Technology GRC Analyst to join us at SevenRooms to support the team in the development of IT policies, processes and controls around SevenRooms’ PCI compliance, SOC 2 compliance and other technology risk management activities.
This role will require an execution-oriented and strong team player who can work across the organization to help manage our audit requirements, identify process improvements and lead themselves and others in project completion.
What You'll Do
- Execute on our Technology GRC plan to ensure an effective internal control environment for PCI, SOC 2, ISO2700x and other regulatory requirements (e.g., GDPR, CCPA).
- Review, implement and maintain a GRC tool to drive a risk-aware and compliance-centric organization.
- Coordinate and manage cross-functionally to assist business units in the development and implementation of remediation plans related to IT controls.
- Support management in identifying key technology risks, forward-thinking mitigation strategies and improvements to the business process.
- Review and enhance IT security policies and procedure documents based on ISO2700x standards.
- Educate the IT organization on governance, risk and controls, and compliance concepts.
- Develop and maintain ITGC process flows, procedural documentation and effective compliance strategies for key applications in a complex SaaS environment.
- Create and maintain internal control narratives, flowcharts and risk matrices.
- Coordinate with third parties/auditors for all matters related to PCI audits, SOC 2 audits, Vendor Security Reviews, and financial audits.
Who You Are
- 3-5+ years of relevant experience in the fields of Information Systems audit, IT Risk Assurance, Internal and/or External audit (Big 4 preferred)
- Experience working at a SaaS company preferred
- CISA, CISSP or equivalent Information Technology audit or security certifications are preferred
- Working knowledge of information security and computer networks, servers, databases and SaaS technologies
- Experience working with GDPR, ISO2700x, ISO27017 and other regulations preferred
- Knowledge of the COSO 2013, COBIT and ITIL frameworks preferred
- Proven ability to lead self and others in executing discrete tasks and developing compliance strategies to drive effective results
- Proven ability to manage projects to conclusion, while collaborating with a diverse group of professionals from both technical and non-technical backgrounds
- Highly organized and detail-oriented, with strong analytical, problem solving, and critical thinking skills.
- Effective verbal and written communication skills with a proven ability to break down technical aspects of compliance into basic concepts
- Maintains updated knowledge of best practices in the field of technology risk management, compliance and data privacy
What We Offer
- Competitive salaries and flexible work-life balance
- Equity share in a growing business
- Unlimited Vacation. We trust you to take the time you need to be your most productive self.
- A full slate of benefits coverage including: medical, dental, vision, and pre-tax commuter benefits, gym reimbursements, and unique memberships through One Medical and Perkspot
- 401k plan
We are proud to be an equal opportunity workplace and an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity or veteran status.
View our Prospective Employee Privacy Notice by visiting https://bit.ly/3iUUpYK