GRC Specialist

SevenRooms · New York City, NY

Company: SevenRooms

Location: New York City, NY

Type: Full Time

Job Description

About the Team & Role

The Governance, Risk Management and Compliance (GRC) team at SevenRooms is responsible for building a leading technology risk management practice and managing our IT compliance posture and information security capabilities. We are looking for an experienced GRC Specialist to implement and drive our IT compliance program by executing internal and external assessments, ensuring compliance with existing and emerging regulations and standards including PCI, SOC2, GDPR, CCPA/CPRA and overseeing other technology risk management activities.

You will work closely with stakeholders across the organization to understand existing IT policies, procedures, and processes, make recommendations related to applicable risk areas, mitigations, and process improvements, and implement meaningful solutions.  

What You'll Do
  • Execute our Technology GRC plan to ensure an effective internal control environment for PCI, SOC 2, ISO2700x and other regulatory requirements (e.g., GDPR, CCPA/CPRA) 
  • Coordinate with third parties/auditors for all matters related to PCI audits, SOC 2 audits, Vendor Security Reviews
  • Review, audit, monitor, and analyze security risks and vulnerabilities against policies, 
  • Support management in identifying key technology risks, forward-thinking mitigation strategies and improvements to the business process
  • Perform and manage security risk assessments on third party vendors
  • Review, implement and maintain a GRC tool to drive a risk-aware and compliance-centric organization
  • Work together with the Sales team to provide responses for customer proposals and security addendums in contracts
  • Educate the organization on governance, risk and controls, and compliance concepts
  • Serve as a subject matter expert who will actively guide engineering, product and other teams on all security and compliance related risks and issues
  • Communicate effectively with the business, and have the ability to break down technical aspects of compliance into basic concepts
Who You Are
  • Relevant experience (ideally) with a Public Accounting firm (Big 4 preferred) or Software-as-a-Service (SaaS) company in one or more of the following areas: IT Compliance, IT Security, IT Audit/Assurance, IT Governance, Risk Management and/or Cyber Advisory role
  • Experience designing, implementing and managing a compliance program based on common frameworks like PCI, SOC 2, GDPR, ISO27001, ISO27017 etc.
  • Working knowledge of information security and computer networks, servers, database and SaaS technologies
  • General knowledge of IT audit and risk management/assessment process
  • Experience implementing and monitoring data privacy controls across the organization based on leading regulations, e.g., GDPR, CCPA/CPRA
  • Experience developing and maintaining information security policies and procedures
  • Experience with cloud concepts, continuous integration/development methods
  • Working knowledge of GRC/Vendor Management tools, e.g., LogicGate, OneTrust
  • Enthusiastic about navigating complex problems, proactively identifying recommendations and implementing solutions
  • Effective communicator; able to communicate technical concepts to a variety of audiences and stakeholders
  • Highly results-oriented, with the willingness to go above and beyond and have an impact
  • Passionate about technology compliance and learning new things
  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or Accounting is preferred 
  • CISA, CISSP, CISM, CRISC or equivalent Information Technology audit or security certifications are preferred
What We Offer
  • A fresh start with a flexible and independent working schedule: SevenRooms provides all employees with their first two (2) weeks of employment as paid time off to relax and recharge before starting their journey with us. You'll also have access to unlimited paid time off, including tenure-based PTO minimums, paid parental leave, and the option to work anywhere at any time.
  • Equitable compensation: Our compensation packages are based on external market data. At SevenRooms, you can expect to be paid well for your contributions towards transforming the hospitality industry. We also offer equity for all employees as part of our commitment to everyone being an owner and working together to build an outstanding company.
    • The salary range for this role is $100,000.00-$110,000.00. This is the range SevenRooms in good faith believes is the range of possible compensation for this role at the time of the posting. This range is only applicable for jobs to be performed remotely in any US state. Base pay offered may vary depending on, but not limited to education, experience, skills, geographic location, travel requirements, sales or revenue-based metrics, and business needs. This range may be modified in the future. This job is also bonus eligible. No amount is considered to be wages or compensation until such amount is earned, vested, and determinable.
  • Comprehensive benefits package: We offer a full slate of benefits for our employees and their families: comprehensive medical, dental, and vision benefits, commuter benefits, gym reimbursement, 401K plan, life insurance, and unique wellness offerings including One Medical, Spring Health, Carrot, and Headspace.
  • Employee programs and recognition: Through our Roomie's Choice program, all employees at SevenRooms receive a monthly stipend to spend however they see fit. You'll receive an additional quarterly dining credit to use towards SevenRooms clients and a unique milestone reward for every year you're a part of our team.
  • Opportunities for training and professional development: Your manager will partner with you on establishing quarterly goals that not only benefit our organization but aid in your overall career development and advancement. SevenRooms also provides financial support for continuing education, certifications, or participation in external training programs.
About SevenRooms

SevenRooms is a guest experience and retention platform that helps hospitality operators create exceptional experiences that drive revenue and repeat business. Trusted by thousands of hospitality operators around the world, SevenRooms powers tens of millions of guest experiences each month across both on- and off-premises. From neighborhood restaurants and bars to international, multi-concept hospitality groups, SevenRooms is transforming the industry by empowering operators to take back control of their businesses to build direct guest relationships, deliver exceptional experiences and drive more visits and orders, more often. The full suite of products includes reservation, waitlist and table management, online ordering, mobile order & pay, review aggregation, email marketing and marketing automation.

Founded in 2011 and venture-backed by Amazon, Comcast Ventures, PSG and Highgate, SevenRooms has dining, hotel F&B, nightlife, and entertainment clients in more than 1000 cities worldwide, including: Marriott International, Bloomin’ Brands, MGM Resorts International, Mandarin Oriental Hotel Group, Jumeirah Group, Hilton Hotels, The Cosmopolitan of Las Vegas, Harrods, Wolfgang Puck, Michael Mina, José Andrés Group, LDV Hospitality, Union Square Hospitality Group, Australian Venue Company, Altamarea Group, AELTC, The Wolseley Hospitality Group, Zuma, Live Nation and Topgolf.

SevenRooms has been recognized as a top employer for its people-first approach by publications including:

  • Inc. Best Workplaces (2023, 2022, 2020)
  • Inc. 5000 (2023, 2022)
  • Ragan’s Platinum HR Awards Finalist (2022)
  • Built in Best Places to Work NYC (2023, 2022, 2021, 2020) 
  • Built in Best Place to Work NYC - Midsize Companies (2023, 2022) 
  • VentureFizz Unique PTO (2022)
  • Forbes Best Startup Employers (2022) 

SevenRooms is an equal opportunity workplace and an affirmative action employer. We welcome all qualified applicants regardless of race, color, ancestry, religion, sex (including pregnancy and related conditions), national origin, sexual orientation, age, marital status, disability (physical or mental), gender identity, gender expression, genetic information, veteran status, citizenship, immigration status, or any other classification, category or characteristic protected by applicable federal, state or local laws.  We understand the importance of creating a more diverse and inclusive workplace and celebrate our employees for their differences.

View our Prospective Employee Privacy Notice by visiting https://bit.ly/2P6ey4M

Date Posted

09/23/2023
