As the leading workforce management solution for the skilled trades, Workrise makes it easier for skilled laborers to find work, and for companies to find in-demand workers. Workrise currently operates in wind, solar, construction, oil and gas, and defense industries. We’re growing, and we’d love to learn what you can add to our team!
Workrise is hiring a Staff Advisor, Security Privacy, Trust, and GRC that will be responsible for leading and driving the development and management of the data privacy, customer trust, and security governance, risk, and compliance functions. This role will need to build functions from scratch with limited oversight or direction to meet the objectives of the Security Organization. Our ideal candidate for this role will be someone who has multiple years of experience in the privacy, trust, or GRC space and wants to use that experience to build these functions for a promising and exciting startup. Additionally, this leader needs to be analytical, data driven, and forward thinking to ensure the privacy, trust, or GRC functions are built to scale the business.
Why join us? Our Security Privacy, Trust, and GRC team at Workrise is helping to build a modern and scalable platform for the future of the skilled labor workforce. You will be building and then owning security functions within the security organization. You will have the opportunity to engage with stakeholders and control owners across the organization as you work to build out all of the necessary pieces of privacy, trust, and GRC. You will provide real impact in moving the ball forward for privacy, trust, and GRC to allow Workrise to scale, grow, and win new business.
What you’ll be doing:
- Manage the development, annual review, and off-cycle requests for security policy and standards.
- Manage the development and operation of cyber risk management programs, driving the documentation and management of risk treatment.
- Manage the execution of cyber risk assessments for business processes, technology, and products
- Provide guidance for the risk treatment/management process
- Build functions for the engagement of privacy, trust and GRC programs with customers, employees, and stakeholders to enable “Security-as-a-service” principles and goals
- Manage the GRC tooling and associated data
- Manage external audits by customers and certification bodies through the audit lifecycle
- Direct security IT audits to include evidence of lifecycle management, control walkthrough scheduling and execution, documentation of control CAPs, and management of corrective action plans
- Own and manage the development of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc)
- Make recommendations to management regarding programs, processes, etc.
- Provide support and mentors others on the team, sharing insights, knowledge, and experience
- Complete peer review for the team to ensure others understand data sources, improve
What you must have:
- Bachelor’s degree in computer science, Information Systems Management, Cybersecurity, Information Assurance or related field or equivalent relevant experience
- 8+ years of technical professional experience in IT audit, IT risk management, or security governance
- Extensive experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc)
- Strong understanding experience with cyber risk management and mitigation
- Experience in access management, change management, security operations, etc
- Strong knowledge of multiple industry accepted information security frameworks (e.g. SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, INST CSF, etc)
- Experience with public cloud solutions providers (AWS, Azure, and/or GCP)
- Experience bringing out GRC functions within third-party tooling platforms (Archer, Metricstream, ServiceNow, etc.)
- Strong working knowledge of Microsoft Office and Google Workspace.
- Exposure to working with 3rd parties on contract/engagement work (e.g. writing RFPs, getting quotes, writing business cases, reviewing SOWs, working with internal procurement teams, etc)
- Possess one or more industry accepted information security certification (CISA, CISSP, CRISC, CCSK, CIPPP, etc)
- Experience providing training and guidance to junior team members
- Strong communication and critical thinking skills, attention to detail, and experience collaborating cross-functionally with stakeholders.
Nice to have:
- Experience in a startup environment
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided