About the Role
Abnormal Security is looking for a head of Governance, Risk, and Compliance (GRC) to join the Security & Privacy team. The Security & Privacy team owns the information and cybersecurity program for the company, including Security Operations, GRC, Privacy, and Customer Trust. This role will own the strategy and execution of the GRC program, which includes our Customer Trust program. The ideal candidate will have the desire and ability to roll up their sleeves as a player-coach, the mindset of an auditor with a keen attention to detail, excellent communication skills, strong collaboration and business sense, and an adept awareness of our customers’ requirements of Abnormal as a leading cybersecurity SaaS provider.
Who you are
- Strong oral and written communication skills along with presentation skills; the ability to quickly build rapport with internal and external stakeholders.
- Ability to lead, mentor, inform, and recruit a diverse team of information security compliance professionals.
- Team player, collaborative work style.
- High attention to detail, process, and organization.
- Outstanding analytical and communication (written and verbal) skills; exercises good business judgment.
- Demonstrated experience presenting detailed, technical concepts to both technical and non-technical audiences.
- Results-oriented, values collaboration, self-motivated, and willing to adapt to change in a fast-moving environment.
- Strong project management skills to ensure accountability and results.
- Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
- Operate within an agile environment, and provide leadership to adapt to dynamics in technology, industry, cyber threats, and our own business.
- Ability to take unpopular positions when necessary, influence others to support these decisions, and maintain trust and credibility.
What you will do
Governance
- Provide leadership, guidance, and support to the governance, risk, and compliance team, ensuring they have the necessary resources and tools to carry out their responsibilities effectively.
- Monitor and report on the effectiveness of the governance, risk, and compliance programs to the CISO and executive team.
- Establish and maintain strong working relationships with industry peers and other external stakeholders.
- Keep abreast of regulatory and industry developments and advise the CISO and executive team on the potential impact on the organization.
- Define the GRC strategy and ensure the selection of controls is consistent with the strategy.
- Implement a metrics-based reporting framework to measure the efficiency and effectiveness of the program and facilitate appropriate resource allocation to increase the maturity of the information security program.
- Define security standards, and oversee the security training, awareness, and mentorship of employees.
- Evangelize a culture of security throughout Abnormal through education, trust, and empathy.
- Formalize business continuity planning and lead its maturation.
Risk Management
- Design and implement an integrated risk management approach that applies operating controls to manage information security risk.
- Recommend, develop, and manage the company’s risk register, including the definition of and reporting on key risk indicators (KRIs) and key performance indicators (KPIs).
- Conduct regular risk assessments and work with relevant departments to identify, evaluate, and mitigate risks across the organization.
- Provide leadership on where to target our risk mitigation efforts to meet ever-changing security and privacy requirements.
- Define, develop, and implement capabilities to manage third-party cybersecurity risks.
Compliance
- Using ISO27001 and the NIST framework as a baseline, set annual and long-range security and compliance goals, operational controls, and metrics.
- Formalize and implement a controls assessment program and associated procedures in partnership with key stakeholders to use collected data to develop, implement, maintain, and revise policies, procedures, and systems to appropriately mitigate the risks identified.
- Support the improvement and development of self-service reporting tools/capabilities, working in collaboration with key stakeholders.
- Liaise with key stakeholders to remediate new and outstanding issues; track compliance and security-related issues.
- Lead the company’s efforts to enhance data security and handling controls.
- Supervise the work of our external auditors to maintain current security certifications while proactively identifying opportunities to enhance them.
- Coordinate SOC 2 and/or ISO 27001 audits and work with relevant control owners to minimize disruption while successfully completing the efforts in a timely manner.
- Ensure compliance with customer contractual obligations.
Customer Trust
- Work with potential customers to provide insight into, and assurance of, Abnormal’s security and compliance programs.
- Support legal, security, and privacy in reviewing and consulting on customer contracts and data processing agreements (DPAs).
- Meet with customers and prospects to provide insight and assurances on Abnormal’s commitment to strong security, compliance, and privacy controls.
Must Haves
- 8+ years of experience in cybersecurity, technology risk, and compliance roles; preferably at a technology, SaaS, or cloud company and/or a regulated public company.
- 4+ years of experience leading an information security or risk management function.
- Bachelor’s degree or equivalent military experience with at least 7 years of Risk Assurance/Compliance and/or Information Security experience. A degree in information assurance, computer science, information security, or business is preferred.
- Strong understanding of cybersecurity risk management and ability to effectively communicate cybersecurity risk functions to executives.
- Demonstrated track record of successfully developing and maturing cyber risk organizations with an emphasis on delivering results.
- Strong understanding and practical experience working with GDPR, CPRA, FedRAMP/StateRAMP, PIPEDA, LGPD, HIPAA, PCI-DSS, and SOX.
- Familiarity with ISO 27001, ISO 27701, NIST cyber framework, or others such as HITRUST and NIST SP800-53, NIST SP800-171, and CMMC.
- Experience with coordinating and/or managing SOC 2 and/or ISO 27001 audits.
- Proven experience in developing and leading Governance, Risk & Compliance (GRC) programs with efficient process design and optimization and project management.
- Familiarity with Governance, Risk, and Compliance (GRC) tools.
- Experience reviewing contracts, authoring security clauses, and representing an organization as a data security subject matter expert.
- Understanding of business resiliency, business continuity, and disaster recovery for a SaaS/cloud-native organization.
Nice to Haves
- Master of Business Administration, Cybersecurity, or Cybersecurity Law preferred.
- Professional certifications (CISSP, CISM, CISA, or other security-related) are a plus.
- Experience leading GRC for a SaaS / tech company.
- Experience with highly regulated environments (e.g., Financial, Healthcare, etc.).