Governance, Risk, and Compliance Architect

Why this role

Evolve is the largest tech-enabled, asset-light provider of vacation rental management services in North America.  We’re looking for a GRC Architect to build scalable, sustainable and repeatable GRC capabilities to support our rapid growth.  Reporting to the Director of Information Security, this role will be responsible for implementing the technologies, policies and processes that define and monitor Evolve’s regulatory compliance and risk management strategies. 

What you’ll do

• Design and implement security controls and risk assessment frameworks that align to security best practices and regulatory requirements, ensuring documented and sustainable compliance to meet Evolve’s rapid growth business objectives. 
• Develop security policies, procedures, and controls to mitigate risks and meet compliance obligations.
• Implement technology to automate GRC processes and continuously report on security control compliance, exceptions and risk. 
• Define metrics that enable risk governance to ensure the security program is meeting performance and risk objectives.
• Coordinate compliance assessments and serve as the primary point of contact to provide compliance evidence artifacts.
• Document process control ownership and responsibilities.  Schedules testing of control effectiveness and efficiency.
• Facilitate employee security awareness and training campaigns.
• Build trusted working relationships with stakeholders to maintain and improve security posture.  This includes leadership, external security and compliance partners and other stakeholders across Evolve.
• Manage our third party risk management and contract review process.

What makes you a great fit 

• 5+ years of experience in an information security or GRC role with direct, hands on experience with GRC technology platforms and intimate knowledge of security and compliance frameworks (PCI, SOX, HIPPA, CCPA).. 
• Strong technical knowledge of security control design and a passion for automation of evidence collection and testing.
• Experience operating in a SaaS and cloud first environment is a plus.
• Deep understanding of Identity and Access Management (IAM) concepts, including least privilege and user access review processes.
• Experience developing key security program metrics to support Information Security program governance and risk management.
• Experience facilitating compliance assessments with internal and external audit teams.
• Excellent control owner and stakeholder collaboration and communications skills.
• Experience building and operating security awareness training programs.

Location

Evolve has a flexible working environment so teammates can work remotely anywhere in the state of Colorado, in our beautiful downtown Denver office, remotely or a hybrid of both! As we grow, we are working towards opening remote opportunities across the entire U.S. We currently are able to hire across the U.S except in the following locations: California, District of Columbia, Hawaii, New Jersey, New Mexico, and Pennsylvania.

Compensation

For this role our salary range is $136,000 to $156,000, depending on relevant experience. 

Additional comp details: 

Equity: 50% of salary equivalent RSUs
Variable comp: 10% of salary target