Program Manager - Governance, Risk and Compliance (GRC)

Hyderabad, India

SingleStore

Backed by streaming data ingestion, a unique table type that supports both transactional (OLTP) and analytical (OLAP) workloads and limitless point-in-time recovery, SingleStoreDB empowers the world's makers to build, deploy and scale modern,...

Position Description

SingleStore is a cutting-edge business leading a wave of disruption in the database space, focused on delivering a single platform for all data-intensive applications. We believe in building secure-by-design solutions for cloud and on-premises deployments without compromising performance.

At SingleStore, compliance with industry standards and regulations is a top priority that involves all business units. To meet the needs of our rapidly growing business, we are seeking an experienced and highly motivated GRC Program Manager to help us ensure our operations, products and services meet customer and industry security and compliance requirements.

As the Governance, Risk and Compliance Program Manager, your main objective will be to maintain current and pursue new Information Security and Data Protection certifications, manage risk across the company within that same scope, and uphold and enforce compliance with policies, procedures and processes, making sure that SingleStore upholds regulatory and legal compliance and that internal staff adhere to established rules and guidelines.

Job Responsibilities

  • Overall governance efforts related to security program management, including maintaining the Information Security Management System documentation and audit trail, updating and issuing policies.
  • Maintaining our active security certifications (ISO/IEC 27001, SOC 2 Type II) and making sure other departments/teams collaborate to achieve that goal, including delegating tasks needed for compliance purposes to Corporate IT Security, Application Security or Cloud Security depending on the scope of the tasks at hand
  • Org-wide risk management (includes setting the methodology, risk assessment and defining a risk treatment plan company-wide)
  • Setting Information Security plans to achieve our ISO 27001 Information Security Management System objectives, including but not limited to, data breach prevention, providing timely breach/incident notifications, annual information security awareness training, vendor risk assessments, currency of business continuity & incident response plans, phishing simulations, and internal audit of all relevant controls.  
  • Issuing Information Security comms internally
  • Vendor risk and security management (includes owning and managing the company security profile)
  • Consulting with Corporate IT on Security & Compliance Awareness training (delegating to other teams where needed)
  • Laying out the requirements for Business Continuity that need to be developed and implemented by respective departments
  • Defining corrective action plans and following up on non-conformities and their respective owners
  • Liaising with the Information Security committee/executive team
  • Liaising and collaborating with Legal to maintain legal/regulatory compliance (HIPAA, GDPR, CCPA). Note that the compliance manager will not own legal/regulatory compliance responsibility but rather support Legal.

Basic Qualifications

  • 3+ years experience in GRC.
  • 2+ years experience working with an Independent Software Vendor.
  • Strong understanding of security standards and applicable regulations (e.g., ISO 27001, SOC 2 Type 2)
  • Experience working with compliance frameworks and risk management processes.
  • Understanding of cloud technologies.

Preferred Qualifications

  • Experience in performing GRC functions for managed cloud services.
  • Certifications in one or more of the following areas: CISSP, CISA, CISM.
  • Bachelors in Computer Science or Information Systems.
  • Experience presenting and communicating GRC content to both technical and management audiences. 
  • Demonstrated leadership skills with experience working effectively with engineering, sales, marketing, product management, IT and legal.
  • Familiarity with data security frameworks and regulatory standards, including PCI DSS, GDPR and/or CCPA/CPRA, and FedRAMP.

Benefits

  • Company Wide
    • Technology Stipend for New Employees 
    • Monthly Cell Phone and Internet Stipend
    • Health and Wellness benefit 
    • Company and team events 
    • Flexible time off 
    • Volunteer time off
    • Stock Options 

As employees are located in many different countries around the world, some benefits may differ from country to country. In all cases, we do our best to provide equitable perks and benefits across our locations.

Other:

  • Full Time Employment 
  • Eligibility to work for an India-based employer
  • Fully Remote Role or Hybrid based in India - Hyderabad or Bangalore.

SingleStore is one platform for all data, built so you can engage with insight in every moment. Trusted by industry leaders, SingleStore enables enterprises to adapt to change as it happens, embrace diverse data with ease, and accelerate the pace of innovation. SingleStore is venture-backed and headquartered in San Francisco with offices in Sunnyvale, Seattle, Boston, London, Lisbon, Bangalore, Dublin and Kyiv. Defining the future starts with The Single Database for All Data-Intensive Applications.

Consistent with our commitment to diversity & inclusion, we value individuals with the ability to work on diverse teams and with a diverse range of people.

To all recruitment agencies: SingleStore does not accept agency resumes. Please do not forward resumes to SingleStore employees. SingleStore is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company that does not have a signed agreement with the Company.

Tags: Application security CCPA CISA CISM CISSP Cloud Compliance Computer Science FedRAMP GDPR Governance HIPAA Incident response ISO 27001 PCI DSS Risk assessment Risk management SOC 2

Perks/benefits: Cell phone stipend Equity Flex hours Flex vacation Health care Home office stipend Team events Wellness

Region: Asia/Pacific
Country: India