Senior GRC

No longer listed
Exabeam·Jobvite
United States · Posted Jun 26, 2026
Senior GRC · Information Technology · United States

Description

Exabeam is a global cybersecurity leader that delivers AI-driven security operations. High-integrity data ingestion, powerful analytics, and workflow automation power the industry’s most advanced self-managed and cloud-native security operations platform for threat detection, investigation, and response (TDIR). With a history of leadership in SIEM and UEBA, and a legacy rooted in AI, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline security operations. Learn more at www.exabeam.com.

The Senior Governance, Risk and Compliance (GRC) will have overall responsibility for Exabeam’s GRC and security awareness programs. You will be responsible for ensuring compliance with regulations and certifications such as the Global Data Protection Regulation (GDPR), TRUSTe, Privacy Shield, SOC2, ISO27001, HIPAA, PCI, CCPA, and FedRamp. You will develop, maintain, and ensure compliance with corporate policies, standards, and procedures in alignment with ISO27001 and NIST security frameworks. You will be responsible for reviewing contracts and agreements in a security context to ensure we can meet the security needs of our customers. You will manage the risk inventory. You will work closely with other security team members in completing cross-functional projects.

This is an opportunity to own and lead the governance, risk, compliance, and security awareness programs for a fast-paced, innovative, security product company.

Responsibilities

- Establish and maintain Exabeam’s governance, risk, compliance, and security awareness programs
- Work with key stakeholders to ensure compliance with various regulations, such as the Global Data Protection Regulation (GDPR)
- Maintain or develop Exabeam’s various compliance certifications, such as TRUSTe, Privacy Shield, SOC2, ISO27001, FedRamp, HIPAA, PCI, and CCPA
- Develop and maintain corporate policies, standards, and procedures in alignment with ISO27001, NIST, and SOC2 frameworks and controls
- Ensure business units are in compliance with all policies, standards, and procedures
- Prioritize and drive remediation of security gaps across all departments
- Monitor and report on the compliance and risk landscape of the company
- Liaison for completion of third-party risk questionnaires, contracts, and management of our response database
- Work closely with other team members in completing cross-functional projects and ensuring that other teams are accountable to governance, risk, and compliance regulations
- Define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements
- Create and manage the education and awareness programs: content, delivery, compliance, phishing and other testing, etc.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies
- Participate in risk remediation efforts across business units
- Manage vendors and third-party risk
- Establish processes to review implementation of new technologies to ensure security compliance

Requirements

- 5+ years of experience in governance, risk management, and compliance roles in SaaS environment using Cloud Technologies
- Must have successful completion of a SOC2 Type 2 audit for a company providing SaaS on AWS, GCP, Mobile &/or IoT solutions
- Must have strong knowledge of regulatory requirements and industry standards (e.g., SOC2, ISO 27001, PCI, GDPR, IRAP)
- Experience auditing and applying control processes to networks and applications
- Knowledge of compliance regulations (GDPR, CCPA, etc.) and security frameworks (ISO27001, NIST, SOC2)
- Experience developing corporate security policies, standards, and procedures
- Experience with security and risk management
- Ability to apply knowledge by reading and interpreting regulations to formulate real world...
