Kaleris
Governance Risk and Compliance Lead
Kaleris, Boston, Massachusetts, US, 02298
Job Description:
We're looking for a Senior Manager of Governance, Risk, and Compliance (GRC). This strategic role is crucial for building and enhancing the GRC framework within our organization. The ideal candidate will be responsible for establishing the program and ensuring ongoing compliance with relevant laws and industry standards, while also working closely with cross-functional teams to achieve the organization's goals. This role will report to the Chief Information Security Officer (CISO) and will be instrumental in building a robust GRC program. This position has a global scope and includes responsibility for monitoring new regulatory frameworks that may impact our ability to do business.
Responsibilities
Program Development:
Architect and implement the GRC program, aligning it with business objectives and regulatory requirements. Mentor and develop talent as the team grows in the future.
Compliance Frameworks:
Manage key compliance frameworks such as ISO 27001 and SOC 2, ensuring organizational practices meet or exceed these standards. Maintain a comprehensive understanding of applicable laws and regulations to ensure the organization remains compliant, adapting our compliance strategy to reflect regulatory changes and industry trends.
Risk Assessment and Risk Register:
Perform cyber risk assessments and maintain a detailed risk register, tracking and prioritizing risks to ensure effective risk mitigation and management.
Third-Party Risk Management:
Implement a third-party risk management process, conducting due diligence and continuous monitoring of vendor compliance.
Policy and Procedure Oversight:
Continuously review and update security policies and procedures to maintain current and enforceable standards.
Collaborative Leadership:
Work collaboratively with the product team, IT, and other security leaders to integrate GRC into product development, IT operations, and overall security strategy. Work with Product Owners to ensure their compliance with global policies and regulations.
Reporting and Metrics:
Develop and provide reporting metrics for compliance and risk management frameworks to senior leadership, ensuring transparency and accountability in our GRC efforts.
Continuous Improvement:
Champion continuous improvement within the GRC program, ensuring responsiveness to new challenges and regulatory changes.
Regulatory Monitoring:
Monitor and assess new regulatory frameworks globally that may impact our ability to do business, ensuring proactive adaptation of our compliance strategies.
Product Compliance Tracking:
Track compliance per product, ensuring all products meet global policies and regulations.
Audit Efforts:
Lead audit efforts for security, ensuring the organization's security practices are thoroughly evaluated and meet required standards.
Sales Support:
Assist the sales team with RFP questionnaires, providing detailed and accurate information to support business development efforts.
Requirements
Professional Certifications:
Certifications such as CISA, CIA, ISO/IEC 27001 Lead Implementer, or ISO/IEC 27001 Lead Auditor are highly valued.
Experience:
Minimum 8 years of experience in GRC with a strong emphasis on compliance management in the software or technology industry.
Education:
Bachelor's degree in a related field, with an advanced degree or additional certifications beneficial.
Program Building:
Proven capability to build and scale GRC programs from the ground up.
Communication:
Exceptional communication skills, crucial for effective program advocacy and stakeholder engagement.
Risk Management:
Expert-level understanding of risk management practices and the ability to convey complex risk scenarios to various stakeholders.
Preferred Tools:
Experience using modern GRC tools such as Vanta or Drata is preferred.
Benefits & Compensation
Competitive compensation package
Full benefits package (medical, dental, vision) with option for HSA, FSA and DCFSA
Pet insurance
Paid Time Off (FlexPTO, parental leave, volunteering time off)
401K (with employer match)
Life/AD&D (paid for by Kaleris)
Disability (LTD and STD plan paid for by Kaleris)
Employee Assistance Program
Career growth and mentorship
Kaleris is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.