Director, GRC

At Olo we operate a digital food ordering platform used by many of the country’s largest restaurant chains reaching millions of consumers and we take great pride in the reliability security and performance of our systems and services. We are looking for a talented governance risk and compliance leader to lead and evolve our technology related internal controls and related practices in a second line function. The Director GRC will oversee compliance with technology-related internal controls industry leading practices regulatory requirements (including PCI-DSS) and play a crucial role in interacting with other internal teams and external partners auditors and customers.

You will report to the CISO and can work remotely from anywhere in the U.S. or at Olo’s headquarters in NYC.

What You'll Do

• Monitor and mature GRC practices including developing metrics and KPIs to identify areas for improvement and optimization

• Report regularly to the CISO GRC Committee and other senior management on the effectiveness of GRC including key risks and compliance with policy and controls and escalating issues as appropriate

• Oversee a unified control framework including monitoring of controls to ensure alignment with various leading practice control frameworks such as PCI-DSS NIST CSF CIS COSO and ISO.

• Educate and coach internal stakeholders on policies controls related practices and general security awareness

• Serve as a key stakeholder to Product & Engineering and other teams to ensure processes and controls are designed and implemented appropriately

• Facilitate and coordinate internal and external audits and control reviews including PCI-DSS audits and SOC control assessments

• Use experience and data gained during audits control reviews and incident investigations to improve technology related controls and practices

• Consult with Legal on privacy-related initiatives

• Oversee third party and vendor technology risk management practices including Vendor Assessments in collaboration with other teams

• Participate in other technology related risk management practices including Risk Assessments and Business Continuity Planning as needed

• Develop and oversee a customer trust program establishing a feedback loop in collaboration with other teams

• Deeply collaborate across Olo with Product & Engineering Legal People & Culture Finance and GTM teams as well as external partners auditors and customers

What We'll Expect From You

• 7+ years of Information Technology experience with a focus on Security Privacy Risk and Compliance

• CISSP CIPP CIPM or similar certification preferred

• Deep understanding of security privacy control cybersecurity incident response disaster recovery and business continuity concepts and related standards

• Familiarity with DevSecOps Secure Development and Cloud best practices

• Proven experience delivering PCI-DSS SOC 2 Type 1 and Type 2 ISO 27001 NIST 800-53 and SOX 404 gap assessments and audits and compliance with privacy regulations like CCPA and GDPR

• Proven experience creating and/or supporting:

Policy Management

Privacy such as Privacy by Design and Data Subject Access Requests

Disaster Recovery and Business Continuity Planning

Risk Management including Risk Assessments

Vendor Management including Vendor Assessments

Partner Management including Partner Assessments

Customer Trust including Questionnaire Response

GRC metrics

• Adept at working with internal Product & Engineering Legal People & Culture Finance and GTM teams and external partners auditors and customers

• Ability to work during critical incidents or to support coverage requirements

• Legally able to work in the U.S.

About Olo

Olo is the engine of hospitality powering the restaurant industry's digital transformation. As a leading open SaaS platform we enable over 600 restaurant brands to jointly reach 85 million connected guests across approximately 78000 locations. More than two million orders per day run on Olo's platform allowing brands to maximize the convergence of digital and brick-and-mortar operations while raising the bar on hospitality. The result: brands do more with less and make every guest feel like a regular. With integrations to over 300 technology partners our customers can build digital experiences with the largest and most flexible restaurant commerce ecosystem on the market. You have likely used Olo and not even known it! Learn more at olo.com .

We’re remote-friendly. Since 2015 we have been evolving our culture to continue to support a more distributed workforce and now over 75% of our team works remotely across the U.S. If you're in the New York City area you can choose to work remotely or from Olo's headquarters located in Tribeca.

We offer great benefits such as 20 days of paid time off 10 separate sick days 11 holidays plus year-end closure health dental and vision coverage for yourself and your family a 401k match remote-office stipend company equity a generous parental leave plan volunteer time off gift matching policy and more!

Our best estimate of the compensation range for this opportunity is $176827-$253516 annually depending on the experience you bring and your location. We look forward to discussing your salary expectations and our full total rewards offerings throughout the interview process.

We encourage you to apply!

We value diversity. At Olo we know a diverse and inclusive team makes our workplace better. Don't meet every single qualification in the job description? Market data shows that women and people of color are less likely to apply to jobs unless they meet every single qualification. We are dedicated to building a diverse inclusive and authentic workplace that is free from discrimination and harassment; this allows us to make better decisions and better serve the communities we’re a part of. So if you're excited about this role but your previous experience doesn't align perfectly with every qualification in the job description we encourage you to apply anyway. You may be just the right candidate for this or other roles.

All applicants receive consideration for employment. We do not discriminate on the basis of race religion color national origin gender identity sexual orientation pregnancy age marital status veteran status or disability status.

California Residents: CCPA notice