Governance, Risk and Compliance Manager
San Francisco or Remote
Interested in defining how AI shapes the future of work? Cresta is on a mission to make every knowledge worker 100x as effective, 10x faster and 10x better. Cresta is focused on using AI to help the workforce, not replace them. Cresta uses our patented Expertise AI to uncover expert insights from every conversation and put those insights into action with real-time coaching during customer conversations.
We’re growing fast! Spun out of the Stanford AI lab and chaired by Google-X founder Sebastian Thrun, Cresta launched in 2020. Since then, we’ve grown revenue and our team by 300%! We’ve assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors and advisors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Porsche, Adobe, and Dropbox and we have been recognized as a startup to watch by Business Insider, Forbes, and Gartner to name a few. We have huge ambitions and are looking for stellar candidates who have an entrepreneurial mindset and are excited to use cutting-edge AI to solve real-world business problems.
Cresta is seeking a passionate individual with solid compliance experience to drive the GRC function and support growing global data protection and cybersecurity efforts.
What you'll do:
- Perform risk assessments to identify gaps, come up with recommendations, and drive the gaps to remediation.
- Streamline SOC 2 Type II, ISO 27001 & 27701, PCI-DSS, TISAX and HIPAA audit processes
- Perform internal audits and keep the necessary documentation updated as required for audits
- Perform gap assessments against new regions and target industry markets to comply with compliance regulations as the company expands
- Conduct new-hire and annual security awareness trainings to educate personnel and reiterate security and compliance requirements
- Establish metrics to track compliance program effectiveness and to report risk
- Interface with both technical (Engineering/Product) and non-technical (Sales/Marketing) teams
- Respond to customer RFIs, questions, and technical documentation requests (i.e. SOC 2 Type II report)
- Help build our common control framework and drive adoption of the framework within the organization
- Build and automate processes to achieve continuous compliance over the technology control environment
- Assist with sales and marketing materials representing product security and compliance
What we look for:
- 3+ years of experience in security governance, IT audit, or security compliance management
- 3+ years of program management, with experience in affecting technology decisions
- End-to-end experience going through SOC 2 Type II, ISO 27001 & 27701, and PCI-DSS external audits
- Experience in a hands-on technical role, with basic understanding of software implementation and integration
- A track record of building relationships and credibility with business leads, external partners, and regulators through collaborative and independent programs
- Experience managing competing efforts and requirements
- Experience with fast-growing SaaS start-ups
Tags: Audits Compliance Governance HIPAA ISO 27001 Product security Risk assessment SaaS SOC SOC 2 TISAX
Perks/benefits: Startup environment
Regions:
Remote/Anywhere
North America
Country:
United States