Job Title: Technical Manager GRC (Governance, Risk, & Compliance)
Location: Denver, CO (Onsite)
Primary responsibilities of the Manager, Governance, Risk and Compliance include the following:
Develop and manage Contentful's technology risk program in support of enterprise methodologies.
Proactively identify, report, and catalog risks in existing and new technology solutions.
Lead efforts triaging, analyzing, classifying, and developing treatment plans with stakeholders.
Track and report on organization-wide technology risk to ensure timely mitigation.
Improve and maintain a program to facilitate customer and prospect cybersecurity requests.
Define roadmaps in line with customer expectations and legal requirements, and commensurate with the global cybersecurity threat landscape.
Implement and drive a cohesive cybersecurity controls program across multiple frameworks including ISO 27001 (Information Security), NIST Cybersecurity Framework, and NIST 800-53 (Security and Privacy Controls).
Maintain policies, procedures, and standards in line with current and emerging requirements.
Enhance and streamline third-party supplier assessments, ensuring cybersecurity involvement, cataloging and tracking of risks, and monitoring for changes.
Stay abreast of international laws and regulations to proactively identify gaps.
Provide compliance consultation for new and ongoing enterprise initiatives.
Consult on defining compliance policies and best practices.
Educate and build awareness of compliance requirements across the organization.
Improve compliance with security standards and policies across enterprise teams.
Lead compliance enhancement projects focused on new or changing technologies.
Publish executive-level reporting across compliance activities.
Skills:
Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
High-level interpersonal skills.
Education and Experience:
Bachelor's Degree (or equivalent experience) and at least 3-5 years of directly related experience. Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
Strong understanding of risk mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
Experience with compliance audits such as PCI and/or CPNI. Former QSA preferred.
Other Qualifications:
Professional certification (CISA, CRISC, CSIM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.