Sr. Governance, Risk, and Compliance Specialist
Treasure Data
United Kingdom
Published 1 month ago
Compliance Management Systems / Technology
At Treasure Data, we're on a mission to radically simplify how companies use data to create connected customer experiences. Our sophisticated cloud-based customer data platform drives operational efficiency across the enterprise to deliver powerful business outcomes in a way that's safe, flexible, and secure.
We are thrilled that Gartner Magic Quadrant has recognized Treasure Data as a Leader in Customer Data Platforms for 2024! It's an honor to be acknowledged for our efforts in advancing the CDP industry with cutting-edge AI and real-time capabilities. View the report here.
Furthermore, Treasure Data employees are enthusiastic, data-driven, and customer-obsessed. We are a team of drivers: self-starters who take initiative, anticipate needs, and proactively jump in to solve problems. Our actions reflect our values of honesty, reliability, openness, and humility.
Your Role:
We're looking for an experienced Senior Governance, Risk, and Compliance (GRC) Specialist as part of our IT & Security (ITS) department who is excited to change how we practice and deliver a secure and compliant Customer Data Platform (CDP) hosted in Amazon Web Services (AWS).
This is a hands-on position within the Trust & Assurance (T&A) team that focuses on the following GRC domains:
Governance & Compliance Core Competency:
- Audit & Compliance Management
- Customer Assurance (i.e., Sales Support)
- Controls Management
- Controls Monitoring
- Security Awareness & Training
- Policy Management
- Access Reviews
- Business Continuity (BC)
- Disaster Recovery (DR)
- Operational Risk Management
- Third-Party Risk Management (TPRM)
- 100% Cloud-native, primarily on Amazon Web Services (AWS).
- 99% of our servers are Linux.
- 99% of our workstations are macOS.
- 99% of our back-office/corporate systems leverage SaaS (Software-as-a-Service) products. We have nearly no on-premises footprint.
- Collaborating with Engineering, Product, IT Ops, Legal, Privacy, Sales, and other partners to achieve shared objectives, provide strategic insight, and lead continuous improvement efforts.
- Operationalizing GRC tools, creating runbooks, and managing tool health. This includes identifying gaps in processes or GRC tools plus providing actionable improvements.
- Developing and implementing GRC policies and procedures: This involves defining standards and guidelines for managing security risks, complying with regulations, and ensuring the confidentiality, integrity, and availability (CIA triad) of Treasure Data's information and systems.
- Conducting operational risk assessments, such as a Business Impact Analysis (BIA): This involves identifying, evaluating, and prioritizing security risks related to the CIA triad, and recommending strategies for managing these risks effectively.
- Conducting risk assessments on third parties: This involves identifying, evaluating, and prioritizing security risks related to prospective or existing third parties, and recommending strategies for managing these risks effectively.
- Supporting internal and external audit engagements with limited impact on the business.
- Implementing and monitoring security controls: This involves regularly reviewing and assessing the effectiveness of security controls, and making recommendations for improvement as needed.
- Bachelor's degree in Computer/Management Information Systems or related field.
- 5+ years of relevant GRC experience.
- A self-described Subject Matter Expert (SME) in at least two (2) of the GRC domains listed above. Practical understanding of at least five (5) GRC domains listed above.
- Hands-on experience with GRC-related technologies (e.g., OneTrust, ZenGRC). Admin experience with these tools is a plus.
- Hands-on experience with Project Management technologies (e.g., Jira, Confluence).
- Experience with cloud infrastructure, including common security controls and/or solutions related to cloud infrastructure and services in AWS, is required.
- Experience supporting internal and/or external security audits such as SOC 2, SOC 1, ISO 27001, ISO 27017, ISO 27018, or SOX.
- Knowledge of risk management methodologies, such as FAIR (Factor Analysis of Information Risk).
Working out of the Mountain View, California or New York, NY office according to our "Global Hybrid Working Policy."
Travel Requirements:
Annual team on-site in the US (total travel: <10%)