Listing Description

Who We Are:

At Bandwidth, your music matters when you are part of the BAND.  We celebrate differences and encourage BANDmates to be their authentic selves.  #jointheband

What We Are Looking For:

The Information Security GRC Engineering Manager core function serves in a primary role as Manager and Technical Lead for the design,engineering, configuration and implementation of the Information Security ISMS/PIMS, the GRC supporting systems, tools, integrations, and all related applications. Secondary focus includes the administration, maintenance, and ongoing support of the ISMS/PIMS, and all related GRC tools for completeness, accuracy, effectiveness, and functionality. This role also assists with risk management, security and privacy controls, ISMS/PIMS requirements, policies, standards, baselines, guidelines, and procedures as well as assisting security leadership with formal risk/gap assessments including customer and prospect security reviews. The GRC Engineering Manager is expected to have formal compliance audit knowledge and experience, auditing experience of common security controls for compliance needs, and to act in a supporting role for security audits, leveraging the GRC systems and tools as needed. Audit support also includes internal compliance audits, reviews of users, access, roles, privileges, and permissions across complex IT environments. In the GRC Engineering Manager role you are expected to be aware of the enterprise’s security and privacy goals as established by the stated objectives, mission, policies, procedures, and guidelines. You will actively work towards achieving and upholding those goals for Bandwidth Inc. This role will liaison with peers in security and IT as well as across all technology departments.

What You'll Do:

• Plan, design, build, implement, and maintain the Security ISMS/PIMS system(s). 


• Plan, design, build, implement, and maintain the GRC systems, tools, and apps that support the ISMS/PIMS.


• Serve as the Engineer/Technical Lead for the Security ISMS/PIMS and GRC systems, tools, and apps.


• Manage the risk assessment process of third-party vendors (VRM Process).


• Help facilitate internal and external audits to support the Security program and overall compliance needs.


• Participate on the Security IRT as needed for Incident Management processing and support.


• Work across multiple teams to help drive reduction in risks, gaps, and non-compliances.


• Mentor junior GRC and other Information Security roles/staff as needed.


• Conduct internal audits to validate completeness and accuracy of the ISMS/PIMS, and security program.


• Support internal audits of Contractual and Policy controls to validate ISMS/PIMS effectiveness and compliance.


• Perform user access reviews (UARs) as needed for audits and reporting on a recurring basis.


• Develop remediation/corrective actions driven by audit results for compliance within the organization.


• Assist with information security and privacy awareness training, educational material, campaigns, and Manage the related records, KPI’s and metrics.

What You Need:

• Degree in IT or Information Security discipline or other equivalent combination of education and/or sufficient work experience that is focused on IT Security, Risk Management, Data Protection or Compliance. Certifications are preferred and welcomed, but not required for the role.


• Minimum 7 years in IT/Tech related roles, and 3+ years of Information Security and audit experience.


• Proficient understanding and working knowledge of common security standards and frameworks and the supporting systems and tools that are required for achieving and maintaining effective compliance.


• Experienced with operating industry standard Infosec GRC tools and supporting systems.


• Knowledge of common cyber-security tools; GRC, SIEMs, vulnerability scanners secops and appsec.


• Knowledge of common AWS cloud security standards including tools and supporting systems.


• Experience using Jira, Confluence, and ServiceNow.


• Understanding of IT systems, architecture, design, towards common industry best practices.


• Strong analytical skills (logical/critical thinking) reviewing reports, spotting trends, areas of concern, etc.


• Agile flexibility to move between work streams to help accommodate changes and priorities.


• Critical thinking and a problem solving mindset, propensities toward designing effective remediations.


• Familiarity of Windows, Linux, and Mac operating systems.

Bonus Points:

• Formal security related certifications, degree, and/or additional years of related work experience.


• IT Security compliance related auditing.


• ISMS/PIMS familiarity and use.


• Enterprise IT Security programs, systems, tools, and applications.


• Designing and delivering employee security awareness training.


• Business Continuity Plans and Disaster Recovery Plans


• Cloud security and architecture and common cloud security controls, especially AWS.


• General Security, IT, and Compliance Audits. Cloud Security and Compliance, prefer AWS. Security and Privacy standards and best practices. International security and privacy standards and regulations.

The Whole Person Promise: