Corporate Compliance Manager
Remote, United States
Graylog, Inc.
Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data.
Who we're looking for;
We're currently recruiting for a Corporate Compliance Manager to join our IT, Security, and Compliance team during an exciting period of growth. We're on a mission to make the world and its data more efficient and secure.
As the Corporate Compliance Manager here at Graylog you will own the development, implementation, and execution of our corporate compliance programs. We currently have a SOC 2 Type 2 certification with the need to grow our compliance programme to include ISO 27001. Our long-term roadmap also includes preparations for CMMC and FedRAMP certification. Although we are currently privately held, our plans include laying the groundwork for Sarbanes-Oxley compliance as we grow the business. You will also be responsible for working with corporate leadership in developing a robust and practical Enterprise Risk Management program as well as owning the implementation and management of our GRC platform. Other areas that you will touch include GDPR and ESG initiatives.
Collaboration across your immediate team as well as the wider business is pivotal to the success of your role and you'll occasionally work with anyone from our executive leadership team to sales, engineering, IT, and marketing staff to enable them to tell the world how awesome and secure our cloud and enterprise services are.
This position can be based anywhere in the US and will report to our Director, Information Security.
Additional responsibilities will include but are not limited to;
- Partner with our Director, Information Security to review and standardise corporate policy documentation for SOC 2 compliance program
- Deploy and own GRC platform for tracking SOC 2 compliance
- Prepare ISO 27001 documentation and lead ISO readiness project
- Manage SOC 3 compliance program, including role matrix development, control ownership, and self assessments whilst implementing continuous compliance monitoring where possible with ongoing program improvement.
- Partner with Director, Information Security to develop project plans for ISO 27001, CMMC, and FedRAMP certification for cloud services
- Assist management of our vendor risk management program
- Collaborate with Director, Information Security in optimising business continuity plan and disaster recovery plan
- Plan and conduct BCP/DR tabletop exercises
- Validate and standardise change management processes
- Implement continuous monitoring of privileged access roles
- Manage audit projects under the direction of the Director, Information Security
- Partner with DevOps Security Manager in implementing best practices into development process and SDLC
- Participate in developing security best practices in order to anticipate customer concerns and exceed compliance requirements
- Interface with customers and prospects to answer security and compliance concerns
- Educate team leads on best practices for security and compliance
Here’s a flavour of the environment here at Graylog;
- 100% Cloud first – Google, Azure and other cloud-based services
- SOC 2 Type 2 certification
- GRC Platform, robust EDR and detection tools in place
- Team with a forward-thinking vision
Little bit about you;
- Approaching 5 years’ experience in security, compliance or DevOps security in a service-oriented environment
- Thoroughness in developing, managing and completing projects
- Cross-team collaboration experience centered on creating solid compliance and security practices
- Prior GRC, internal and external audit experience
- Experience presenting and teaching concepts internally and sharing insight through conferences, etc.
- Possess or working toward one of these certifications: CISSP, CISM, CISA, CRISC
- Ability to travel as needed
Just some of the reasons why you should join Graylog;
- Opportunity to work with a small but rapidly growing company
- Globally distributed and diverse team
- Grow and develop professionally
- Equipment and ongoing education provided to help you succeed
- Monthly allowance to support your commute costs and support outfitting your work-from-home environment
- Ownership in the company
Our values;
Openness- As a global company, we encourage our people to bring their backgrounds, ideas, and perspectives to our collective work. We lead with integrity and are committed to doing what is best for the Graylog community.
Collaboration- Through mutual respect, trust, and candid communication across all teams, we deliver the best ideas and results.
Useful Innovation- We take calculated risks to find new ways to innovate. By continuously improving ourselves, processes, and technologies, we deliver the best solution for our customers.
Ownership- As owners, we take the initiative to solve internal and external problems while supporting peer success and holding ourselves accountable for delivering the best work. We do this from a place of high trust.
Do the Right Thing!- Comfort and safety come from knowing that everyone will do the right thing, even when nobody's looking.
For further information please submit an application and a member of the Graylog People Team will be in touch.
Tags: Azure CISA CISM CISSP Cloud CMMC Compliance CRISC DevOps EDR FedRAMP GDPR ISO 27001 Log analysis Monitoring Risk management RSA SDLC SIEM SOC SOC 2 SOC 3 Teaching Travel
Perks/benefits: Career development Conferences Flex vacation Gear Startup environment