GRC Manager

Deepwatch, inc. • Remote

Company: Deepwatch, inc.

Location: Remote

Type: Full Time

Job Description

Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!

Who We Are

Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. 

Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.

Deepwatch recognition includes:

  • 2023, 2022 and 2021 Great Place to Work® Certified
  • 2023 and 2022 Forbes America’s Best Startup Employers
  • 2023 and 2022 Fortress Cybersecurity Award
  • 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners
  • 2022 Cigna Healthy Workforce Silver Designation
  • 2022 Cybersecurity Excellence Award for MDR

Position Summary:

We seek an accomplished and results-driven GRC Manager to lead and manage critical functions within our organization, reporting directly to the Senior Director of Security and Compliance. 

As the GRC Manager, you will be pivotal in overseeing multiple key areas throughout Deepwatch. Your expertise in security, compliance, regulatory frameworks, platform management, vendor security reviews, customer interactions, cross-functional collaboration, and reporting will be instrumental in creating a strong synergy between our security and information security functions and providing valuable insights to leadership. You will be a critical people leader in advancing our security and compliance efforts and contributing to strategic decision-making, and you will serve as a role model of Deepwatch’s Core Values. You should embody the Deepwatch Leadership Attributes of ownership, delivering results, hiring and developing the best talent in the industry, and having the backbone and ability to disagree and then commit, all while earning trust.

In this role you’ll be responsible for:

  • Compliance and Auditing:
    • Lead and manage the organization’s compliance efforts for PCI, SOC 2, and other regulatory and security frameworks
    • Collaborate closely with our third-party auditing firms, coordinating audit activities and providing the necessary evidence
    • Conduct thorough assessments to ensure alignment with regulatory requirements and industry standards
    • Drive the timely resolution of audit findings by working with relevant teams to implement effective controls and solutions.
  • Maturity Assessments:
    • Oversee the implementation of the Blue Lava and NIST security framework to assess and enhance the organization’s security maturity
    • Lead the development and execution of security maturity assessments using Blue Lava, identifying gaps, vulnerabilities, and areas for improvement
    • Translate assessment results into actionable recommendations and strategic plans to enhance security posture
  • Continuous Compliance Management:
    • Take ownership of the Drata continuous compliance monitoring platform
    • Utilize Drata to monitor and maintain ongoing compliance with regulatory requirements and industry standards
    • Leverage Drata insights to drive continuous improvement in our security controls and compliance practices
  • Legal and Contract Collaboration:
    • Work closely with the Legal and Contract team to ensure compliance with data protection regulations and contractual obligations
    • Review, negotiate, and redline contracts, including Data Protection Agreements (DPAs), with third-party vendors, partners, and customers to ensure data privacy and protection
    • Ensure that security and compliance considerations get integrated into contract negotiations and agreements
  • Vendor Security Reviews:
    • Lead vendor security reviews to assess the security posture of third-party vendors and partners
    • Conduct thorough evaluations of vendor security controls, policies, and practices to ensure they align with our security standards
    • Provide recommendations for risk mitigation and security improvements based on vendor security assessments
  • Customer Requests:
    • Handle customer questionnaires and requests related to our security attestations
    • Provide accurate and timely responses to customer inquiries, ensuring that customer concerns regarding security get addressed effectively
    • Liaise with cross-functional teams to gather necessary information and documentation for customer attestations
  • Collaboration with Information Security Manager:
    • Work hand in hand with our Information Security Manager to create synergy and alignment across security and compliance functions
    • Collaborate closely to develop and implement security strategies, initiatives, and risk management plans
    • Ensure consistent communication, knowledge sharing, and coordination between security and compliance efforts
  • Reporting and Communication:
    • Provide regular updates and reports to the Senior Director of Security and Compliance on the status of cybersecurity, compliance, and risk management initiatives
    • Collaborate on strategic planning, goal setting, and decision-making to advance the organization’s security and compliance objectives
  • Team Development and Performance:
    • Identify team members’ strengths, areas for growth, and professional development opportunities
    • Foster a culture of accountability and excellence, promoting collaboration, knowledge sharing, and continuous learning within the team

To be successful in this role, you’ll need to:

  • Have clearly defined management experience focusing on security, compliance, team leadership, hiring, and coaching
  • Hold relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA), which are highly desirable
  • Demonstrate experience in audit coordination, maturity assessment, vendor security reviews, customer communication, or similar roles within a complex organizational environment
  • Exhibit extensive knowledge of security frameworks, regulations, and standards (e.g., PCI, SOC 2, GDPR, NIST, ISO 27001), alongside practical experience in implementing and managing compliance initiatives
  • Be proficient with continuous compliance monitoring platforms, including managing and maximizing the utilization of the platform
  • Concurrently lead and coordinate multiple initiatives while demonstrating strong project management skills
  • Enable effective collaboration with technical and non-technical stakeholders
  • Showcase leadership skills with the ability to drive change, influence, and guide cross-functional teams
  • Collaborate with the internal legal and contract team to ensure compliance with data protection and contractual requirements

Statutory Pay Disclosure:

For applicants in NYC, CO, CA, RI, and WA, the salary range for this role is $140,000 to $210,000 + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.

What We Offer:

Deepwatch is excited to provide benefits designed to support team members and their families, including:

  • Medical, dental, vision, and disability insurance
  • Flexible Time Off (FTO), 9 company holidays, sick leave and 8-Weeks Paid Parental Leave
  • Unique professional development benefits, starting at $3,000 annually
  • Wellness contests and monthly educational programs
  • 401(K) retirement program with employer match
  • Learn more here: Deepwatch Benefits

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.  Please review our DEI Statement here.

Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact [email protected] for further information.

All Deepwatch employees are expected to:

  • Be interested in and able to work remotely from a home office when not at a corporate office
  • Pass a pre-employment background and drug screen in accordance with applicable laws

Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law.  In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatch’s use of your personal information. 

Date Posted: 09/01/2023
