Governance, Risk and Compliance Manager
Remote (US timezones)
We’re growing fast! Spun out of the Stanford AI lab and chaired by Google-X founder Sebastian Thrun, Cresta launched in 2020. Since then, we’ve grown revenue and our team by 300%! We’ve assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors and advisors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Porsche, Adobe, and Dropbox and we have been recognized as a startup to watch by Business Insider, Forbes, and Gartner to name a few. We have huge ambitions and are looking for stellar candidates who have an entrepreneurial mindset and are excited to use cutting-edge AI to solve real-world business problems.
Cresta is seeking a passionate individual with solid compliance experience to drive the GRC function and support growing global data protection and cybersecurity efforts.
What you'll be doing:
- Perform risk assessments to identify gaps, come up with recommendations, and drive the gaps to remediation.
- Streamline SOC 2 Type II, ISO 27001 & 27701, PCI-DSS, TISAX and HIPAA audit processes.
- Perform internal audits and keep the necessary documentation updated as required for audits.
- Perform gap assessments against new regions and target industry markets so the company remains compliant with applicable regulations as it expands.
- Conduct new-hire and annual security awareness training to educate personnel and reiterate security and compliance requirements.
- Establish metrics to track compliance program effectiveness and to report risk.
- Interface with both technical (Engineering/Product) and non-technical (Sales/Marketing/Customer Success) teams.
- Respond to customer RFIs, questions, and technical documentation requests (e.g. the SOC 2 Type II report).
- Help build our common control framework and drive adoption of the framework within the organization.
- Build and automate processes to achieve continuous compliance over the technology control environment.
- Assist with sales and marketing materials representing product security and compliance.
What we're looking for:
- 5+ years of experience in security governance, IT audit, or security compliance management
- 3+ years of program management, with experience influencing technology decisions
- End-to-end experience going through SOC 2 Type 2, HITRUST, HIPAA, TISAX, ISO 27001 & 27701, and PCI-DSS external audits
- Experience in a hands-on technical role, with basic understanding of software implementation and integration
- Experience with cloud environments on AWS, GCP, Azure
- A track record of building relationships and credibility with business leads, external partners, and regulators through collaborative and independent programs
- Experience managing competing efforts and requirements
- Experience with fast-growing cloud native SaaS start-ups
Tags: Audits AWS Azure Cloud Compliance GCP Governance HIPAA HITRUST ISO 27001 Product security Risk assessment SaaS SOC SOC 2 TISAX
Perks/benefits: Equity Startup environment