  • Director - Global Governance Risk & Compliance

  • Location: London, City of London
  • Salary: £75000 - £80000 per annum
  • Job type: Permanent
  • Ref: MMO230764
  • Recruiter: Michael Moretti

Director - Global Governance Risk & Compliance

Global software vendor is searching for an experienced information security compliance leader to improve internal audit program maturity, meet the obligations of ISO 27001/SOC 2 internal assessment, mature the risk management program, drive and monitor remediation efforts, improve oversight and vetting of vendors, and improve the process for responding to post-sale customer audit requests (remote and on-site). This position will report to the Chief Information Security Officer (CISO). This position will also be responsible for day-to-day security oversight of the company's corporate systems and processes (Internal IT, HR, Finance, Corp Legal).

A successful individual will need to work closely with the CISO, Head of Hosting, Head of IT, CFO, General Counsel, Chief Privacy Officer, external vendors providing security services, and customer audit contacts. This position will have responsibilities over every global site and may have some limited need for travel, especially within the EMEA region.

This position will interact with product management for compliance-related products to provide security guidance and eventually act as an SME for customers who may have questions about the security and compliance aspects of the company's software suite of products.

Primary Responsibilities:

  • Work with auditors and technical subject matter experts to satisfy internal and external audit requirements, including SOC 2 and ISO 27001:2013 testing requirements
  • Maintain internal & external audit calendar
  • Keep management and stakeholders apprised of audit schedule and responsibilities
  • Understand and maintain database of external customer audit responsibilities
  • Maintain relationships with external auditing firms
  • Update GRC tool with audit artefacts or references to audit artefacts
  • Manage Risk Register (including tracking exception, acceptance, and renewal)
  • Drive periodic risk review assessment activities
  • Maintain risk management metrics
  • Manage remediation efforts stemming from audits
  • Manage customer external audits
  • Create and maintain metrics around audit response
  • Maintain oversight of the vendor management security process
  • Coordinate with hosting team on projects and programs supporting security objectives
  • Understand the company's product suite and provide security advice to same

Essential Education and Experience:

  • Experience with various frameworks and standards (ISO 27x, PCI, NIST 800-53, etc.)
  • 6-8 years managing an IT regulatory compliance team or project or comparable information systems audit experience, with responsibility for interfacing with internal and external auditors
  • CISA, CIA or equivalent certification
  • Ability to work independently, mentoring and managing IT team
  • Bachelor's Degree in Computer Science, Information Systems, or other related field or equivalent in information security related technical training and experience
  • Demonstration of strong communication and interpersonal skills and ability to communicate to stakeholders with varying levels of technical capabilities
  • Experience of working across global teams
  • Team player; works well independently and as part of a team

Desired Experience

  • Advanced degree in Business Administration, Information Management, Computer Science or equivalent
  • Use of SalesForce and ticketing systems
  • Experience with RSA, ZenGRC or similar tools
  • Software development experience

Please send your CV to Michael Moretti for immediate consideration.
