Security GRC Lead

London, England, United Kingdom

Applications have closed

Skimlinks, a Connexity company, is a global e-commerce monetization platform, with offices in LA, London, Germany, and NYC. We work with over 60,000 premium publishers (Condé Nast, Hearst Magazines, Buzzfeed…) and 50,000 retailers around the world (Nordstrom, Anthropologie, Saks, Urban Outfitters, Coach, Lululemon...), helping content producers get paid commissions for the products and brands they write about. This gives us a direct view of the browsing and shopping behaviours of over 650 million users. Our technology understands the web pages users visit, the brands and products they look at, the links they click on, and the purchases they make, across our entire network. We track over $2.5m affiliated sales every day and have the expertise and the tools to power all commerce strategies on every channel development of new Merchant / Advertiser client relationships.

Connexity has recently been acquired by Taboola to make the first Open-Web Source for Publishers connecting editorial content to product recommendations, where readers can easily buy products related to stories they are reading. Over the last 2 years with our parent company, Taboola, we've gone from being a privately held company to a public company, and as such we are scaling the scope of our compliance activities. As Security GRC Lead, you will help take us from walking to running in this new stage of GRC maturity.

Responsibilities Include:

* Lead the operationalisation of security compliance programs to support various compliance regulations.

* Establish and manage Connexity's Governance, Risk Management & Compliance (GRC) operating model and workflow.

* Perform security reviews of all Connexity and Skimlinks vendors with access to Connexity's information.

* Manage yearly security certification, SOX certification, ISO 27001 certification, and other GRC certification activities.

* Manage and coordinate risk assessments and penetration tests in the company.

* Establish and maintain security metrics and reporting.

* Respond to customer security/compliance questionnaires.

* Contribute to security and compliance policy definition and refinement.

* Work with IT, Engineering and compliance professionals across the organisation to ensure that policy adherence is maintained.

Requirements

* Candidate must have 5+ years working in governance, risk and compliance and/or information security and risk management.

* Functional knowledge of applicable security and privacy regulatory requirements (SOX, GDPR).

* Functional knowledge of ISMS governance models (e.g. ISO 27001, NIST), information security roles, security controls.

* Functional knowledge of common security certifications (e.g. ISO 27001) and ability to glean significance from findings identified in these reports.

* Ability to communicate risk methodologies and concepts to the business unit and IT.

* Demonstrated experience with controls definition, development, implementation and assessment.

* Strong interpersonal skills and ability to work effectively with diverse and distributed teams.

* Strong attention to detail, project management and organisational skills.

Benefits

Voted “Best Places to Work,” our culture is driven by self-starters, team players, and visionaries. Headquartered in Los Angeles, California, the company operates sites and business services in the US, UK, and EU. We offer top benefits including Annual Leave Entitlement, paid holidays, competitive comp, team events and more! Learning & Development is also of vital importance to Connexity where each employee has their own career plan, and receives their own Annual Learning Budget to spend as they wish.

  • Healthcare insurance & cash plans
  • Pension
  • Income Protection
  • Parental Leave Policies
  • Learning & Development Program
  • Flexible work schedules and work from home/work from office policy
  • Wellness Resources
  • Equity

We are committed to providing a culture at Connexity that supports the diversity, equity and inclusion of our most valuable asset, our people. We encourage individuality and are driven to represent a workplace that celebrates our differences, and provides opportunities equally across gender, race, religion, sexual orientation, and all other demographics. Our actions across Education, Recruitment, Retention, and Volunteering reflect our core company values and remind us that we’re all in this together to drive positive change in our industry.


Tags: Compliance E-commerce GDPR Governance ISMS ISO 27001 NIST Privacy Risk assessment Risk management SOX

Perks/benefits: Career development Competitive pay Flex hours Parental leave Team events

Region: Europe
Country: United Kingdom