Risk Specialist, GRCP

General understanding of security, compliance, and privacy frameworks such as SOC2, ISO27001, ISO27701, GDPR, CCPA Experienced with SaaS/Cloud suppliers Familiarity with cloud data compliance and working with public cloud solutions (AWS) Knowledge of and interest in third party information security challenges and trends, including emerging threats Independent self-starter, ability to manage multiple projects simultaneously Detail-oriented and organized Ability to take action quickly and drive to improve processes for efficiency Flexible and able to change gears and focus depending on team and company priorities Certifications such as CISA or CISSP is a plus

Conduct third party security and privacy reviews on softwares, contractors, and other services to Airtable to reduce third party risks Identify third party business risks and recommend risk treatment options to internal business stakeholders Determine security contract requirements and communicate those to the Procurement & Legal team Communicate with vendors and internal stakeholders to gather information needed for initial and periodic security and compliance reviews, validations, and audits, and to understand business objectives Perform annual reviews on critical vendors to meet compliance and customer requirements Collaborate with Procurement, IT, Legal, Finance to improve third party due diligence process Provide general support to the GRCP team as needed