Security Governance, Risk and Compliance Manager - Shippo (San Francisco, Austin, Remote US, or Dublin, Ireland)

Listing Description

Before you read on, take a look around you. Chances are, pretty much everything you see has been shipped, often multiple times, in order to get there. E-commerce and parcel shipping volumes are exploding but so are customer expectations about shipping speed and cost. Managing shipping and logistics operations to meet increasingly exacting demands is an extremely hard endeavor, especially for SMBs who can be left in the dust by larger and far more sophisticated competitors. But this does not have to be so.

At Shippo, our goal is to level the playing field by providing businesses with access to shipping tools and terms that would not be available to them otherwise. We lower the barriers to shipping for businesses around the world, and move shipping from a pain point to a competitive advantage.

Through Shippo, e-commerce businesses, from fast-growing brands to mom-and-pop shops are able to connect to multiple shipping carriers around the world from one API and dashboard, and seamlessly run every aspect of their shipping operations, from checkout shipping options to returns.

Join us to build the foundations of something hard yet meaningful, roll up your sleeves, and get important work done every day. Founded in 2013, and funded by top-tier investors like D1 Capital Partners, Bessemer Venture Partners, Union Square Ventures, Uncork Capital, VersionOne Ventures, and FundersClub, we are a fast-growing and proudly distributed unicorn with hubs in San Francisco and Austin. We are also featured in Wealthfront’s Career Launching List and Forbes’ Cloud 100 list of fast-growing startups.

About the Role

As a Security GRC Manager at Shippo, you will help secure our company by leading security audit, cyber risk management, and compliance, and by creating industry-leading trust and assurance programs.

Responsibilities
  • Establish and maintain a roadmap for security audit programs
  • Maintain cybersecurity program policies, standards, procedures, and best practices
  • Scope and manage security and privacy audits for multiple frameworks (SOC2, ISO, HIPAA, etc.); additionally, serve in a project management capacity to ensure that appropriate teams are involved in audit and control testing activities
  • Scope and manage security risk assessments. Oversee risk register and ongoing risk treatment lifecycle, including exception
  • Select, implement and maintain GRC tools, infrastructure, and compliance automation platforms
  • Respond to third party security audit and customer security due diligence requests
  • Conduct regular vendor assessments and build a scalable vendor risk management program
  • Establish and maintain unified compliance framework
  • Review and revise security and privacy terms in contracts. Create reusable contract attachments for use in customer, partner and vendor agreements
  • Advise teams on developing pragmatic solutions that achieve business requirements and also maintain acceptable levels of risk
  • Lead organizational security awareness efforts, and implement a measured and managed awareness program
  • Develop external-facing security content to be shared with customers and partners, presented in meetings, and placed on company website
  • Evangelize security best practices across the organization
  • Measure security program maturity and build plans for increasing maturity through projects, capabilities, and controls
  • Develop reports to help senior organizational leaders understand cyber security risk and compliance related concerns
  • Create and maintain a data stewardship program to ensure ongoing compliance with Shippo’s data governance controls

Requirements
  • Minimum 5 years of experience in a combination of risk management, information security and technical audit roles
  • BS or MS degree in Computer Science or equivalent experience
  • Experience building security programs and developing policies, standards and procedures
  • A deep understanding of security, regulatory and audit frameworks such as ISO 27001, 27017, 27018, GDPR, CCPA, SOC2 and related Trust Services Principles, etc. is necessary
  • Experience leading multiple audit efforts to successful outcomes, and maintaining successful outcomes in subsequent year audits
  • Experience leading security risk assessments, maintaining risk registers, with a successful track record of company-wide collaboration/influencing to prioritize and remediate risks
  • Experience building scaled processes for timely and effective response to security due diligence inquiries from partners, customers, and insurers
  • Experience performing third party risk assessments
  • Experience negotiating security terms in customer/partner/vendor contracts
  • Certification in one or more technical information security disciplines (e.g. CISSP, SSCP, CCSP, GIAC) is highly desired
  • Experience with data privacy is preferred
  • Deep understanding of customer needs and passion for customer success
  • Exceptional verbal, written, and interpersonal communication skills

US Benefits and Perks

  • Medical, dental, and vision healthcare coverage for you and your dependents. Pet coverage is also available!
  • Flexible policy for PTO and work arrangement
  • Two 1-week company shutdowns to rest and recharge (summer and winter)
  • 3 VTO days for ShippoCares volunteering events
  • $2,500 annual learning stipend for your personal and professional growth
  • Charity donation match up to $100
  • Fun team events outside of work hours - happy hours, “escape room” adventures, hikes, and more!

Ireland Benefits and Perks

  • Employer pension match plans
  • 100% medical, dental, and vision healthcare coverage for you and your dependents
  • Hybrid work from home/office
  • 27 holidays including two 1-week company shutdowns to rest and recharge (summer and winter)
  • Flexible policy for annual leave and work arrangement
  • 3 VTO days for ShippoCares volunteering events
  • €2,000 annual learning stipend for your personal and professional growth
  • Commuter and bike-to-work benefits
  • Fun team events outside of work hours - happy hours, “escape room” adventures, hikes, and more!
