Report to the Senior Director of GRC and collaborate cross-functionally to support the global GRC program
Execute walkthroughs and tests of operating effectiveness over controls in Demandbase, IT applications, and infrastructure in support of internal and external security audits
Review and help mitigate internal and external risk
Assist in IT audits and report on findings, track status, and ensure corrective actions are complete, sustainable and documented
Improve security and privacy culture through promoting education and awareness across the organization
Review and improve the data life cycle (data inventory, governance, retention)
Review and edit customer- and public-facing communications about privacy and security programs
Assist in operationalizing Business Continuity, Disaster Recovery, and Incident Response exercises
Assist in AI Governance, Third Party Risk, and Security Reviews
Requirements
Demonstrated ability of 5+ years in Information Security, GRC, ERM, compliance, audit, internal controls, AI governance, or other security-related areas (experience in a cloud-based tech company is preferred)
Understanding of general IT and cloud security controls, such as Information Security, Business Continuity, Disaster Recovery, Third Party Risk/Vendor Management, Software Development, Hardware and Software
Familiarity with global industry frameworks like ISO 27001, ISO 27701, SOC 2, ISO 42001, NIST CSF, NIST 800-53, and RMF
Detail-oriented with excellent verbal and written communication skills
Ability to work with both business and technical areas and translate requirements between the two areas to address control deficiencies
Excellent interpersonal and organizational skills with an ability to coordinate with internal stakeholders and external auditors
Familiarity with managing GRC tools (e.g., MetricStream, Hyperproof, Vanta) and dashboards to monitor compliance posture
Ability to adapt in a dynamic environment and manage multiple priorities effectively; flexibility is essential and startup experience is a plus
Experience in project management including managing complex projects at an enterprise level
Self-motivated and responsible individual who will represent the company with the highest level of integrity and professionalism
BS or MS in Computer Science, Information Systems, Engineering, or similar
Bonus: Certifications such as CISSP, CRISC, CISA, CIPP are highly desirable, but not required