Listing Description

Workrise is hiring a Staff Advisor, Security Privacy, Trust, and GRC that will be responsible for leading and driving the development and management of the data privacy, customer trust, and security governance, risk, and compliance functions. This role will need to build functions from scratch with limited oversight or direction to meet the objectives of the Security Organization. Our ideal candidate for this role will be someone who has multiple years of experience in the privacy, trust, or GRC space and wants to use that experience to build these functions for a promising and exciting startup. Additionally, this leader needs to be analytical, data driven, and forward thinking to ensure the privacy, trust, or GRC functions are built to scale the business.  

• Bachelor’s degree in Computer Science, Information Systems Management, Cybersecurity, Information Assurance or related field or equivalent experience.


• 5 - 10 years of technical professional experience in IT audit, IT risk management, or security governance.


• Extensive experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc.). 


• Strong understanding experience with cyber risk management and mitigation.


• Experience across all control domains (i.e., access management, change management, security operations, etc.).


• Strong knowledge of multiple industry accepted information security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc.). 


• Experience with public cloud solution providers (AWS, Azure, and/or Google).


• Experience building out GRC functions within third-party tooling platforms (Archer, Metricstream, ServiceNow, etc.)


• Extensive experience performing walkthroughs of business processes to identify critical controls to include the evidence needed to satisfy control validation requirements.


• Good communication skills, strong work ethic, critical thinking, attention to detail, and excited to collaborate with team members. 


• Manage initiatives while also bringing personal skills and experience to assignments and deliverables.


• Strong working knowledge of Microsoft Office and Google Docs, Sheets, Slides, etc.


• Enthusiastic about learning everything there is to know in the Privacy, Customer Trust, and GRC space!


• Multiple industry-accepted information security certification (CISA, CISSP, CRISC, CCSK, CIPP etc.). 


• Experience leading and mentoring junior team members. 


• Exposure to working with third parties on contract/engagement work (writing RFPs, getting quotes, writing business cases, reviewing SOWs, working with internal procurement teams, etc.).