Governance, Compliance, and Risk Manager

The GRC Manager will manage the security governance, risk, and compliance program, inclusive of Privacy, for the organization. Emphasis will be on managing and coordinating an internal governance program, recommending programmatic and technical directions for GRC functional areas, developing and executing compliance strategy for completing and maintaining industry standard security certifications, identifying areas of improvement and managing technical remediation campaigns, and reporting on program performance and metrics. The individual will work with various functions throughout the enterprise to implement and monitor the internal control environment and help maintain the best-in-class security posture of the company.

This position is global, and a high-level understanding of various global security, privacy, and compliance requirements is required.

The company is based in Austin, Texas, but the role is open to remote candidates as well.

What you’ll do:

• Identify technologies to support policy objectives and risk assessments (e.g. third-party risk, privacy, data protection)
• Recommend enhancements/ improvements to existing policies
• Research both regulatory filing information and drafting communication guidelines to ensure awareness across the enterprise of requirements
• Assist with risk assessments and audits with limited supervision from management
• Determine the internal and external resources required to ensure compliance program execution, and manage the cross functional resources to drive efficient and effective outcomes 
• Capture and analyze information to identify key risks and corresponding controls
• Systematically test and evaluate controls to verify efficiency and effectiveness of operation, reliability of information, and compliance with applicable laws and regulations
• Conduct internal reviews to measure compliance with GDPR, CCPA, ISO, HIPAA, NIST and other regulations and frameworks
• Support the Vendor Governance program relative to User Access Reviews, SOC reviews, Vendor assessments, etc
• Effectively communicate findings and recommendations to management in detailed and organized format/process via presentations to internal stakeholders and leadership
• Prioritize and implement corrective actions
• Conduct/draft training and awareness materials (Annual Training, New Hire Training, One-off training)
• Partner with the CFO, CTO, legal, departmental managers, and IT, to support annual external industry standard security and privacy audits
• Support the company’s internal audit program
• Consult on company projects to ensure that privacy and compliance risks are being addressed
• Manage customer contracts and security questionnaires to ensure timely review and response
• Own the content moderation program to ensure the platform is being used in compliance with the terms of service

Required qualifications

• 5+ years of experience in legal, compliance or information security in the software industry
• Experience with security & privacy standards and regulations such as SOC 1, SOC 2, ISO 27001, GDPR, CCPA, HIPAA, etc.
• Excellent written and verbal communication
• Strong social skills or very experienced with delivering in-person training

Zello is the leading instant voice push-to-talk service connecting frontline workers and communities around the world. More than 150 million users and thousands of organizations use Zello to get work done, connect in emergencies, and improve collaboration with live voice communication. Recognized as one of Austin’s Best Places to Work, Zello is profitable and growing. Current customers include Bechtel Construction, Honda, Restoration Hardware, Starwood/Marriott, and YRC Freight. To try Zello for free, visit zello.com/try.

Zello offers top benefits including 100% employer-paid employee health insurance, dental and vision, a 401(k) with company match and no vesting requirement, stock options, unlimited PTO and sabbatical leave, allowances for technology and personal development, and a bunch of other perks.

Zello is a small group of individuals whose mission is to bring people together using voice. We believe diverse skills, abilities, viewpoints, and backgrounds make for a better product, better problem-solving and a better work environment.