Staff Security Program Manager (GRC)

Posted about 7 hours ago

💎 Seniority level: Staff

📍 Location: United States, EST, CST

💸 Salary: 170000.0 - 190000.0 USD per year

🔍 Industry: Software Development

🏢 Company: EDB 👥 501-1000 💰 over 5 years ago | Database, Business Intelligence, Open Source, Big Data, Hardware, Enterprise Software, Software

🗣️ Languages: English

🪄 Skills: Project Management, Cloud Computing, Cybersecurity, Communication Skills, Analytical Skills, Customer service, Attention to detail, Organizational skills, Compliance, Problem-solving skills, Active listening, Risk Management, Stakeholder management

Requirements:
  • Proven experience in information security and compliance, including project management.
  • Strong understanding of cybersecurity principles, frameworks, and best practices.
  • Experience working with external auditors and a strong understanding of audit methodology.
  • Technical aptitude to navigate compliance controls and cloud security best practices.
  • Strong experience with auditing security objectives of SOC2, PCI, HIPAA, FedRAMP (800-53), ISO 27001.
  • Proven project management skills, with the ability to manage multiple projects simultaneously.
  • Excellent organizational and time management skills, with the ability to prioritize and multitask.
  • Excellent communication skills to keep internal and external stakeholders aligned.
  • Drive, a proactive attitude, and thorough attention to detail.
Responsibilities:
  • Lead the transformation of EDB's common controls framework and associated policies and procedures to support business growth and reduce information risks.
  • Contribute to the annual planning process for Information Security initiatives, ensuring alignment with business objectives.
  • Oversee and drive security and compliance initiatives, including maintaining industry-standard accreditations.
  • Lead, coordinate, and manage audits, working with internal teams and third-party auditors.
  • Educate and consult with control owners on effective control environments and audit evidence.
  • Manage the Plan of Action and Milestones (POAM) related to security exceptions, ensuring timely completion.
  • Forge essential working relationships with engineering leadership, product management, and executive management.
  • Participate in customer security diligence efforts, managing questionnaires and requests while continuously improving the efficiency and effectiveness of the response process.
  • Identify, develop, and implement metrics that effectively measure the performance and effectiveness of our information security initiatives.