ICA Compliance Jobs

Sr. Governance, Risk, and Compliance Specialist

Company: Treasure Data
Location: United Kingdom
Published: 1 month ago
Compliance Management Systems / Technology
At Treasure Data, we're on a mission to radically simplify how companies use data to create connected customer experiences. Our sophisticated cloud-based customer data platform drives operational efficiency across the enterprise to deliver powerful business outcomes in a way that's safe, flexible, and secure.

We are thrilled that Gartner Magic Quadrant has recognized Treasure Data as a Leader in Customer Data Platforms for 2024! It's an honor to be acknowledged for our efforts in advancing the CDP industry with cutting-edge AI and real-time capabilities. View the report here.

Furthermore, Treasure Data employees are enthusiastic, data-driven, and customer-obsessed. We are a team of drivers: self-starters who take initiative, anticipate needs, and proactively jump in to solve problems. Our actions reflect our values of honesty, reliability, openness, and humility.

Your Role:

We're looking for an experienced Senior Governance, Risk, and Compliance (GRC) Specialist as part of our IT & Security (ITS) department who is excited to change how we practice and deliver a secure and compliant Customer Data Platform (CDP) hosted in Amazon Web Services (AWS).

This is a hands-on position within the Trust & Assurance (T&A) team that focuses on the following GRC domains:

Governance & Compliance Core Competency:
  • Audit & Compliance Management
  • Customer Assurance (i.e., Sales Support)
  • Controls Management
  • Controls Monitoring
  • Security Awareness & Training
  • Policy Management
Risk Core Competency:
  • Access Reviews
  • Business Continuity (BC)
  • Disaster Recovery (DR)
  • Operational Risk Management
  • Third-Party Risk Management (TPRM)
Details on Our Environment:
  • 100% Cloud-native, primarily on Amazon Web Services (AWS).
  • 99% of our servers are Linux.
  • 99% of our workstations are macOS.
  • 99% of our back-office/corporate systems leverage SaaS (Software-as-a-Service) products. We have nearly no on-premise footprint.
Responsibilities & Duties:
  • Collaborating with Engineering, Product, IT Ops, Legal, Privacy, Sales, and other partners to achieve shared objectives, provide strategic insight, and lead continuous improvement efforts.
  • Operationalizing GRC tools, creating runbooks, and managing tool health. This includes identifying gaps in processes or GRC tools plus providing actionable improvements.
  • Developing and implementing GRC policies and procedures: This involves defining standards and guidelines for managing security risks, complying with regulations, and ensuring the confidentiality, integrity, and availability (CIA triad) of Treasure Data's information and systems.
  • Conducting operational risk assessments, such as a Business Impact Analysis (BIA): This involves identifying, evaluating, and prioritizing security risks related to the CIA triad, and recommending strategies for managing these risks effectively.
  • Conducting risk assessments on third-parties: This involves identifying, evaluating, and prioritizing security risks related to prospective or existing third-parties, and recommending strategies for managing these risks effectively.
  • Supporting internal and external audit engagements with limited impact on the business.
  • Implementing and monitoring security controls: This involves regularly reviewing and assessing the effectiveness of security controls, and making recommendations for improvement as needed.
Required Qualifications:
  • Bachelor's degree in Computer/Management Information Systems or related field.
  • 5+ years of relevant GRC experience.
  • A self-described Subject Matter Expert (SME) in at least two (2) of the GRC domains listed above. Practical understanding of at least five (5) GRC domains listed above.
  • Hands-on experience with GRC-related technologies (i.e., OneTrust, ZenGRC, etc.). Admin experience of the aforementioned tools is a plus.
  • Hands-on experience with Project Management technologies (i.e., Jira, Confluence, etc.).
  • Experience with cloud infrastructure, including common security controls and/or solutions related to cloud infrastructure and services in AWS, is required.
  • Experience supporting internal and/or external security audits such as SOC 2, SOC 1, ISO27001, ISO27017, ISO27018, or SOx.
  • Knowledge of risk management methodologies, such as FAIR (Factor Analysis of Information Risk).
Physical Requirements:

Working out of the Mountain View, California or New York, NY office according to our "Global Hybrid Working Policy."

Travel Requirements:

Annual team on-site in the US (total travel: <10%)