Responsibilities

Establish best in class processes, operations, engineering & automation for managing and monitoring compliance at the cloud Application, Platform, and Infrastructure levels.

Lead strategy and execution of the cloud Common Control Framework (CCF) and Continuous Control Monitoring (CCM) programs to address current domains (i.e. Security, Privacy, Quality, Sustainability and Accessibility) and third party attestations/certification (i.e. ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 1, SOC 2, NIST 800-53, MTCS, IRAP, German C5 and more).

Develop and maintain policy and procedures that drives key activities.

Drive compliance onboarding and significant change request process along with cloud risk management teams to identify new product applications, features, deployments, and functionality to ensure timely inclusion in compliance programs and certifications.

Evangelize CCF to drive control owner awareness and education to ensure controls are implemented, maintained and compliant.

Develop and lead new domain/certification ingestion process for new standards, regulations and/or other requirement sets presented to address regulated markets, risk mitigation and/or company forward thinking.

Drive efficiency in the compliance process through automation and rationalizing configuration/code-based compliance controls over manual process and controls.

Work with engineering teams on new cloud and datacenter deployments, addressing compliance requirements as part of initial design and deployment.

Requirements

Bachelor’s degree in Computer Science, Computer Engineering or related field of study, or foreign equivalent.

For foreign equivalent, employer will accept any combination of degrees, diplomas and/or completed examinations deemed equivalent by a professional credential evaluator to a U.S. Bachelor’s degree in Computer Science, Computer Engineering or related field of study.

7 years of related professional experience, including 5 years of hands-on experience in Governance Risk and Compliance fields.

Deep understanding of commercial certification and attestation to include SOC 1, SOC2, ISO 27001, ISO 27701, PCI-DSS, HITRUST, Singapore MTCS, and Australia IRAP.

Demonstrated ability to build out scalable compliance systems and processes for complex environments and regulations.

Demonstrated ability to build and lead product development.

Deep understanding of compliance audit testing and design of tests.

Self-motivated, self-directed, and able to thrive in a fast-paces environment with a passion to make an impact.

Ability to work across the organization to evangelize and influence company compliance efforts.

Demonstrated ability to interface successfully with customers and engineering teams in critical and challenging audits and conversations.

Strong leadership skills, strategy, analytical, problem-solving, decision-making; works under minimum direction.

Prior experience with an SaaS, PaaS or IAAS Cloud environment.

Position reports to company headquarters in Santa Clara, telecommuting permitted

Ushur

GRC Director - Position reports to company headquarters in Santa Clara, telecommuting permitted