Tanium
GRC Director - 6150971
Tanium, Clyde Hill, Washington, United States,
Tanium GRC Director - 6150971 Clyde Hill, Washington Apply Now
The BasicsTanium is looking for a Governance, Risk, and Compliance (GRC) Director to join the information security team. This position reports directly to the CISO. The GRC Director is a leader with strong knowledge of security frameworks, controls, and audit techniques who seeks to improve how compliance programs are implemented and maintained. The ideal candidate will bring a passion for improving the customer experience by easing operational burdens associated with compliance and will have a focus on enhancing transparency across the security landscape. Candidates should be highly organized and detail-oriented with excellent communication skills and a strong bias towards getting things done while advocating for continuous improvement. As a leader within the Information Security Team, the GRC Director takes a significant role in actively promoting a culture of information security throughout the organization.What you'll doProactively and consistently manage Tanium's mission-critical compliance frameworks, including ISO 27001, SOC2 Type 2, FedRAMP, and other frameworks.Develop, enhance, and operationalize enterprise-level security, risk, and privacy policies, processes, and controls to mitigate risk and comply with applicable laws and regulations.Own and manage Tanium's risk quantification & management program.Manage & improve the process to respond to client audit and related requests in a timely manner.Own and implement a vision for GRC tactics and methods which scale with Tanium's business needs and balance efficient execution with comprehensive and repeatable processes.Manage, support, and inspire a team of GRC professionals.Oversee third-party technical risk assessments and related audit activity.Serve as a subject matter expert for information security risk management principles and practices.Collaborate with executives and key stakeholders across Tanium to review projects, assess business-critical systems, and ensure compliance with compliance frameworks and data privacy laws.As necessary, perform and advise on privacy impact assessments.Perform internal technical risk assessments/audits.Proactively assess potential items of risk and opportunities.Promote a culture of information security across all business units.Understand the role of systems and technology within the firm and the value they deliver to the business.We're looking for someone withEducation:
Bachelor's Degree in Computer Science, IT, or other relevant degree or equivalent work experience.
Experience:
7+ years of experience in Information Security and/or Data Privacy Compliance positions.Deep expertise implementing and managing Federal compliance frameworks such as FedRAMP, CMMC, etc.Deep expertise in common compliance standards, e.g., ISO27001/270017/270018, SOC 2, NIST CSF, and PCI DSS.Strong knowledge of the global data security regulatory environment.Strong knowledge of global privacy regulations and requirements (e.g., CCPA, GDPR, HIPAA, PIPEDA, UK DPA, and Privacy Shield, and others).Propensity for making analytical risk-based decisions and recommendations.Ability to convey complex information in a clear and concise manner both verbally and in written form.Demonstrated track record of managing a team of highly motivated, independent analysts/SMEs.Experience with Objectives and Key Results (OKRs) and/or Kanban principles.
About TaniumTanium, the industry's only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats.
#J-18808-Ljbffr
The BasicsTanium is looking for a Governance, Risk, and Compliance (GRC) Director to join the information security team. This position reports directly to the CISO. The GRC Director is a leader with strong knowledge of security frameworks, controls, and audit techniques who seeks to improve how compliance programs are implemented and maintained. The ideal candidate will bring a passion for improving the customer experience by easing operational burdens associated with compliance and will have a focus on enhancing transparency across the security landscape. Candidates should be highly organized and detail-oriented with excellent communication skills and a strong bias towards getting things done while advocating for continuous improvement. As a leader within the Information Security Team, the GRC Director takes a significant role in actively promoting a culture of information security throughout the organization.What you'll doProactively and consistently manage Tanium's mission-critical compliance frameworks, including ISO 27001, SOC2 Type 2, FedRAMP, and other frameworks.Develop, enhance, and operationalize enterprise-level security, risk, and privacy policies, processes, and controls to mitigate risk and comply with applicable laws and regulations.Own and manage Tanium's risk quantification & management program.Manage & improve the process to respond to client audit and related requests in a timely manner.Own and implement a vision for GRC tactics and methods which scale with Tanium's business needs and balance efficient execution with comprehensive and repeatable processes.Manage, support, and inspire a team of GRC professionals.Oversee third-party technical risk assessments and related audit activity.Serve as a subject matter expert for information security risk management principles and practices.Collaborate with executives and key stakeholders across Tanium to review projects, assess business-critical systems, and ensure compliance with compliance frameworks and data privacy laws.As necessary, perform and advise on privacy impact assessments.Perform internal technical risk assessments/audits.Proactively assess potential items of risk and opportunities.Promote a culture of information security across all business units.Understand the role of systems and technology within the firm and the value they deliver to the business.We're looking for someone withEducation:
Bachelor's Degree in Computer Science, IT, or other relevant degree or equivalent work experience.
Experience:
7+ years of experience in Information Security and/or Data Privacy Compliance positions.Deep expertise implementing and managing Federal compliance frameworks such as FedRAMP, CMMC, etc.Deep expertise in common compliance standards, e.g., ISO27001/270017/270018, SOC 2, NIST CSF, and PCI DSS.Strong knowledge of the global data security regulatory environment.Strong knowledge of global privacy regulations and requirements (e.g., CCPA, GDPR, HIPAA, PIPEDA, UK DPA, and Privacy Shield, and others).Propensity for making analytical risk-based decisions and recommendations.Ability to convey complex information in a clear and concise manner both verbally and in written form.Demonstrated track record of managing a team of highly motivated, independent analysts/SMEs.Experience with Objectives and Key Results (OKRs) and/or Kanban principles.
About TaniumTanium, the industry's only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats.
#J-18808-Ljbffr