Manager, Technology Governance, Risk and Compliance

Remote - United States

Applications have closed

As a member of the ShipBob Team, you will benefit from an environment where everything is achievable. We aim to be a place where you can:

  • Write Your Career Story.  Because we are solving some of the most difficult problems in global commerce, you have the opportunity to write the story that will make your career.
  • Experience Global Impact and Global Connection.  At ShipBob we benefit from diverse cultures and perspectives in service of the global community.
  • Grow With An Ownership Mindset. We believe that great innovation comes from great transparency.  We are more resilient and more creative when we have an inclusive and transparent culture where everyone knows our strengths and opportunities.

Title: Manager, Tech Governance, Risk, & Compliance

Location: Remote in these states: AZ, CA, CO, FL, GA, KS, KY, IA, ID, IL, IN, MA, ME, MI, MN, MO, NC, NH, NJ, NV, NY, OH, OR, PA, RI, SC, SD, TN, TX, VA, VT, WA, WI

Role Description:

The Manager, Tech GRC will be responsible for managing and scaling programs and developing solutions that help ShipBob evaluate, measure, monitor and report on the state of information management and third-party information security risk. This role will partner with key stakeholders such as Legal/Privacy, Procurement and SFN management to ensure information security risks are accurately assessed and contract language appropriately protects ShipBob from information security risks posed by third-party entities. This role will also work with key functional leaders across the enterprise to understand and document information management at ShipBob, including data creation, classification, protection, transmission and retention. This position will report directly to the Director, Tech Governance Risk and Compliance.

The opportunities for you to solve:

Management

  • Manage assessment intake and oversight to ensure pipeline of assessments is managed in a timely and efficient manner.
  • Contribute to the team’s continuous improvement efforts by identifying opportunities and owning the development and implementation.
  • Develop and mature processes for Information Management and Third-Party Risk Management based on industry best practices/generally accepted frameworks/standards.
  • As the team grows, oversee day-to-day activities of junior team members and consultants.

Risk Assessments and Analysis

  • Work with the business to understand the “what” and “how” of third-party entities/services to accurately categorize, assess level of risk, and scope of assessment. Third parties include ShipBob Partners and entities providing third-party services to ShipBob.
  • Document data flow and classification of data being shared with third-party entities/services.
  • With Legal, identify data retention requirements and ensure appropriate backup obligations are agreed to with third-party entities.
  • Perform timely assessments of third-party controls to identify, document, and communicate key deficiencies to the business and Information Security management.
  • Coordinate with Information Security Engineers to incorporate technical reviews into overall assessment (as needed).
  • Coordinate with Legal to incorporate Privacy reviews into overall assessment (as needed).
  • Report on assessment outcomes, risk level, and associated recommendations to remediate issues.
  • Support periodic re-assessment activities to ensure third-party adherence to security requirements and to assess evolving risks and current threats.

Findings Management, Reporting and Analytics

  • Monitor third-party corrective action plans against agreed-upon timelines.
  • Review third-party remediation evidence for closure of findings.
  • Monitor the effectiveness of the third-party risk assessment process in accordance with agreed metrics and performance measures to drive continuous improvements.
  • Assist with development and reporting of Key Performance Indicator metrics.
  • Maintain timely, accurate, and complete third-party inventory and data within the identified system of record.
  • With Procurement, track and monitor annual spend with third-party vendors to manage budget, identify areas for cost savings and reduce duplication of investment.

Contract Review

  • Working with Procurement and Legal, review contracts to ensure appropriate data security terms are included to protect ShipBob from data and content security risks.
  • Provide comments and acceptable alternatives to vendor contract revisions, in alignment with defined guidance.
  • Stay abreast of existing and upcoming regulatory legislation and oversight requirements to assess potential impacts to the ShipBob Third-Party Risk Management program.

What you’ll bring to the table:

  • Security+, CISSP, CISA, CISM, CRISC or related certifications strongly preferred but equivalent knowledge will be considered.
  • 6+ years working in information security and/or third-party risk management, with experience in a technical setting.
  • 3+ years’ experience with understanding and assessing third-party information security/technical risks and controls.
  • Experience in performing data security contract reviews.
  • Knowledge of controls frameworks and industry standard frameworks (NIST CSF, SSAE 18/SOC, ISO 27001, etc.)
  • Solid knowledge in areas such as cloud security, network security, application security and vulnerability management.
  • Comfortable working in a highly iterative environment and experience with continuous improvement initiatives.
  • Excellent verbal and written communication skills to effectively collaborate with internal and external stakeholders including Privacy, Legal, Procurement, and the business.
  • Able to assess risk and translate it to business relevant considerations and facts.
  • Demonstrate pride in work, showing focus and a sense of urgency to reach goals on time.
  • Detail-oriented individual with organizational, critical thinking, analytical, and problem-solving skills; able to maintain a balance between the details and the larger picture.
  • Able to learn and apply new concepts quickly and to proactively enhance personal, professional, and business growth through new knowledge and experiences.
  • Able to independently and effectively handle multiple competing priorities and make good use of resources (e.g. time, people, money).
  • Demonstrated ability to be proactive, take ownership of and solve problems.
  • Strong leadership, project, and team-building skills, including the ability to lead cross-functional teams and drive projects and initiatives.

 

We recognize that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying. Diversity of experience and skills combined with passion is a key to innovation and excellence; therefore, we encourage people from all backgrounds to apply to our positions.

About You:

At ShipBob, we’re looking to bring on board people who embody our core values:

  • Be Mission-Driven.  We want team members that are passionate about helping entrepreneurs improve their business, and bring that passion every day.
  • Be Humble. We have ambitious goals, and our team members understand that success or failure depends on us working together and leaving egos at the door.
  • Be Resilient. Logistics is a complicated business. So is software. We value team members that never give up and keep iterating until a problem is solved.
  • Be a Creative Problem Solver. As a startup, we value smart, innovative solutions to complex problems. We fall in love with the problem, not our “favorite” solution.
  • Be Safety Minded. It’s not just talk; it’s the way you work.

About Us: 

ShipBob is a cloud-based logistics platform that partners with thousands of e-commerce businesses to help make their entrepreneurial dreams a reality. We offer a full suite of fulfillment solutions for our merchants, including the ability to improve their transit times and shipping costs and deliver a best-in-class experience to their customers.

As one of the fastest growing tech companies in Chicago backed by blue-chip investors like Menlo Ventures, Bain Capital Ventures, Hyde Park Venture Partners and SoftBank Vision Fund 2, our goal is to continue to be the best fulfillment technology in the industry. 

ShipBob provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

 


Tags: Analytics Application security CISA CISM CISSP Cloud Compliance CRISC E-commerce Governance ISO 27001 Network security NIST Privacy Risk assessment Risk management SOC Vulnerability management

Perks/benefits: Career development Startup environment Team events

Regions: Remote/Anywhere North America
Country: United States