Corporate Compliance Manager

Remote, United States

Applications have closed

Graylog, Inc.

Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data.


Graylog is an award-winning centralized log management and SIEM (Security Information and Event Management) solution that enables fast and efficient log analysis in the areas of security, compliance, operations and DevOps. Our enterprise solution enables organisations globally to capture, store and analyse terabytes of machine data in near real time, while our open project, which has been deployed in more than 50,000 installations worldwide, empowers individuals and small teams to perform basic log consolidation, analysis and search functions at no cost.

We're a remote-friendly company with locations in Hamburg, Munich, London and Boulder, and headquarters in Houston, TX. If you live near an office and want to be part of that office, great. Near enough to an office to hot desk occasionally? No problem. And if you're not near an office and wish to work remotely, that's all good too.

Building on current and past success, Graylog continues to invest in our people, and as such we're growing in almost every business area globally. Recent achievements include inclusion in the 2021 Deloitte Technology Fast 500™, a 2021 Gold Stevie Award, and most recently the Most Innovative Central Log Management award from Cyber Defense Magazine (CDM) at this year's RSA Conference.
Who we're looking for;
We're currently recruiting for a Corporate Compliance Manager to join our IT, Security and Compliance team during an exciting period of growth. We're on a mission to make the world and its data more efficient and secure.
As the Corporate Compliance Manager here at Graylog, you will own the development, implementation and execution of our corporate compliance programmes. We currently hold a SOC 2 Type 2 attestation and need to grow our compliance programme to include ISO 27001 certification. Our long-term roadmap also includes preparing for CMMC certification and FedRAMP authorisation. Although we are currently privately held, our plans include laying the groundwork for Sarbanes-Oxley compliance as we grow the business. You will also be responsible for working with corporate leadership to develop a robust and practical Enterprise Risk Management programme, and for owning the implementation and management of our GRC platform. Other areas you will touch include GDPR and ESG initiatives.
Collaboration across your immediate team and the wider business is pivotal to the success of this role: you'll work with anyone from our executive leadership team to sales, engineering, IT and marketing staff to help them tell the world how awesome and secure our cloud and enterprise services are.
This position can be based anywhere in the US and will report to our Director, Information Security.

Additional responsibilities will include but are not limited to;

  • Partner with our Director, Information Security to review and standardise corporate policy documentation for the SOC 2 compliance programme
  • Deploy and own the GRC platform for tracking SOC 2 compliance
  • Prepare ISO 27001 documentation and lead ISO readiness project
  • Manage the SOC 3 compliance programme, including role matrix development, control ownership and self-assessments, whilst implementing continuous compliance monitoring where possible and driving ongoing programme improvement
  • Partner with the Director, Information Security to develop project plans for ISO 27001, CMMC and FedRAMP for our cloud services
  • Assist with managing our vendor risk management programme
  • Collaborate with the Director, Information Security in optimising the business continuity plan and disaster recovery plan
  • Plan and conduct BCP/DR tabletop exercises
  • Validate and standardise change management processes
  • Implement continuous monitoring of privileged access roles
  • Manage audit projects under the direction of the Director, Information Security
  • Partner with the DevOps Security Manager in embedding security best practices in the development process and SDLC
  • Participate in developing security best practices in order to anticipate customer concerns and exceed compliance requirements 
  • Interface with customers and prospects to answer security and compliance concerns 
  • Educate team leads on best practices for security and compliance 

Here’s a flavour of the environment here at Graylog;

  • 100% Cloud first – Google, Azure and other cloud-based services 
  • SOC 2 Type 2 attestation
  • GRC Platform, robust EDR and detection tools in place 
  • Team with a forward-thinking vision 

Little bit about you;

  • Approaching 5 years’ experience in security, compliance or DevOps security in a service-oriented environment 
  • Thoroughness in developing, managing and completing projects
  • Cross-team collaboration experience centred on creating solid compliance and security practices
  • Prior GRC, internal and external audit experience 
  • Experience presenting and teaching concepts internally and sharing insight through conferences, etc. 
  • Possess or working toward one of these certifications: CISSP, CISM, CISA, CRISC 
  • Ability to travel as needed 

Just some of the reasons why you should join Graylog;

  • Opportunity to work with a small but rapidly growing company 
  • Globally distributed and diverse team 
  • Grow and develop professionally 
  • Equipment and ongoing education provided to help you succeed 
  • Monthly allowance to support your commute costs and support outfitting your work-from-home environment 
  • Ownership in the company 
Here at Graylog, you'll find a diverse group of experienced professionals who love to have fun while meeting the needs of our customers with the best solution and customer service available.
Our values;
Openness- As a global company, we encourage our people to bring their backgrounds, ideas, and perspectives to our collective work. We lead with integrity and are committed to doing what is best for the Graylog community.
Collaboration- Through mutual respect, trust, and candid communication across all teams, we deliver the best ideas and results.
Useful Innovation- We take calculated risks to find new ways to innovate. By continuously improving ourselves, processes, and technologies, we deliver the best solution for our customers.
Ownership- As owners, we take the initiative to solve internal and external problems while supporting peer success and holding ourselves accountable for delivering the best work. We do this from a place of high trust.
Do the Right Thing!- Comfort and safety come from knowing that everyone will do the right thing, even when nobody's looking.
For further information please submit an application and a member of the Graylog People Team will be in touch.

Tags: Azure CISA CISM CISSP Cloud CMMC Compliance CRISC DevOps EDR FedRAMP GDPR ISO 27001 Log analysis Monitoring Risk management RSA SDLC SIEM SOC SOC 2 SOC 3 Teaching Travel

Perks/benefits: Career development Conferences Flex vacation Gear Startup environment

Regions: Remote/Anywhere North America
Country: United States
