Staff Security Privacy, Trust, and GRC Advisor

Austin, TX or Remote, US

Applications have closed

Workrise

We are changing the way the biggest players in Oil & Gas find, evaluate, purchase from, and manage the vendors they rely on to operate.


As the leading workforce management solution for the skilled trades, Workrise makes it easier for skilled laborers to find work, and for companies to find in-demand workers. Workrise currently operates in wind, solar, construction, oil and gas, and defense industries. We’re growing, and we’d love to learn what you can add to our team!

Workrise is hiring a Staff Advisor, Security Privacy, Trust, and GRC, who will be responsible for leading and driving the development and management of the data privacy, customer trust, and security governance, risk, and compliance functions. This role will need to build functions from scratch with limited oversight or direction to meet the objectives of the Security Organization. Our ideal candidate for this role will be someone who has multiple years of experience in the privacy, trust, or GRC space and wants to use that experience to build these functions for a promising and exciting startup. Additionally, this leader needs to be analytical, data-driven, and forward-thinking to ensure the privacy, trust, or GRC functions are built to scale the business.

Why join us? Our Security Privacy, Trust, and GRC team at Workrise is helping to build a modern and scalable platform for the future of the skilled labor workforce. You will be building and then owning security functions within the security organization. You will have the opportunity to engage with stakeholders and control owners across the organization as you work to build out all of the necessary pieces of privacy, trust, and GRC. You will provide real impact in moving the ball forward for privacy, trust, and GRC to allow Workrise to scale, grow, and win new business.

 

What you’ll be doing:

  • Manage the development, annual review, and off-cycle requests for security policy and standards. 
  • Manage the development and operation of cyber risk management programs, driving the documentation and management of risk treatment.
  • Manage the execution of cyber risk assessments for business processes, technology, and products
  • Provide guidance for the risk treatment/management process
  • Build functions for the engagement of privacy, trust and GRC programs with customers, employees, and stakeholders to enable “Security-as-a-service” principles and goals
  • Manage the GRC tooling and associated data
  • Manage external audits by customers and certification bodies through the audit lifecycle
  • Direct security IT audits to include evidence of lifecycle management, control walkthrough scheduling and execution, documentation of control CAPs, and management of corrective action plans
  • Own and manage the development of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc)
  • Make recommendations to management regarding programs, processes, etc.
  • Provide support and mentor others on the team, sharing insights, knowledge, and experience
  • Complete peer review for the team to ensure others understand data sources, improve


What you must have:

  • Bachelor’s degree in Computer Science, Information Systems Management, Cybersecurity, Information Assurance, or a related field, or equivalent relevant experience
  • 8+ years of technical professional experience in IT audit, IT risk management, or security governance
  • Extensive experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc)
  • Strong understanding of and experience with cyber risk management and mitigation
  • Experience in access management, change management, security operations, etc
  • Strong knowledge of multiple industry-accepted information security frameworks (e.g. SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc)
  • Experience with public cloud solutions providers (AWS, Azure, and/or GCP)
  • Experience building out GRC functions within third-party tooling platforms (Archer, MetricStream, ServiceNow, etc.)
  • Strong working knowledge of Microsoft Office and Google Workspace.
  • Exposure to working with 3rd parties on contract/engagement work (e.g. writing RFPs, getting quotes, writing business cases, reviewing SOWs, working with internal procurement teams, etc)
  • Possess one or more industry-accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPP, etc)
  • Experience providing training and guidance to junior team members
  • Strong communication and critical thinking skills, attention to detail, and experience collaborating cross-functionally with stakeholders.

Nice to have: 

  • Experience in a startup environment 

 

More than a job:

At Workrise you can feel good about supporting our mission to serve those who do the hard work. We recognize that making an impact matters to you and we believe in providing an environment that fosters your growth. We use data to drive our decisions and improve the experience of our workers and the clients we serve. With mutual respect for each other, we continually collaborate to find the best solution.

In appreciation for your contributions, we support you with:

  • Talented peers who can help bring out your best
  • Medical, dental, and vision insurance
  • Flexible remote work support where applicable
  • Professional development budget, wellness allowance and vacation stipend for eligible roles
  • Opportunity to earn bonus, commission, and/or equity on eligible roles
  • Flexible paid time off for full-time
  • 401(k) with company matching contribution

Workrise is committed to providing an environment where any and all people feel that they belong, are respected, and are free to be their authentic selves. We welcome applicants of all gender identities and expressions, sexual orientations, neurodiversity, educational backgrounds, religions, ethnicities, disabilities, ages, veteran statuses, and citizenships. We’d love to learn what you can add to our team.

Who we are:

In 2014, we set out to create a better way to manage and deploy Oil & Gas workers at scale through technology. Over time, we’ve grown to add Renewables in service of the energy industry. 

We’re a Series E startup, backed by industry-leading investors Founders Fund, Bedrock Capital, Andreessen Horowitz, and Baillie Gifford. To date, we’ve placed over 26,000 skilled tradespeople with over 500 businesses and are poised to grow exponentially.

We’d love to share more through the interview process and look forward to learning more about your journey.

 

To all recruitment agencies: Workrise does not accept agency resumes. Please do not forward resumes to our jobs alias, Workrise employees or any other organization location. Workrise is not responsible for any fees related to unsolicited resumes.


Tags: Audits AWS Azure CCPA CISA CISSP Cloud Compliance Computer Science CRISC GCP GDPR Governance ISO 27001 NIST Privacy Risk assessment Risk management SOC SOC 2 SOX

Perks/benefits: Career development Flex hours Flex vacation Health care Home office stipend Insurance Salary bonus Startup environment Wellness

Regions: Remote/Anywhere North America
Country: United States