Our Security Assurance department is in the business of trust, transparency, and advisory. We aim to prove to others and ourselves that we are trustworthy and do what we say. We deliver on this by aligning missions across four core programs: Supply Chain Risk Management, Privacy Operations, Security GRC, and Customer Trust & Security. In addition, we have a team of intelligent, dedicated, and highly collaborative SMEs responsible for building and maintaining well-defined solutions that help grow our business.
To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company.
The Senior Security GRC Manager will collaborate with teams across the company to understand, contextualize, design, implement, and report on our global security, risk, compliance and technology requirements for security. Ideally, you would be familiar with operating in a cloud-native, remote product organization.
This is a people manager role reporting to the Director of Security Assurance.
A successful candidate in this role would be able to:
Develop, build, and roll out information, cyber, open source and cloud security governance frameworks.
Lead a security governance structure that drives effective decision-making across the Grafana leadership team.
Establish a cadence for security program reviews, support existing accreditations and identify strategic maturity opportunities for compliance.
Implement a mechanism for quantifiable risk-based security evaluation, prioritization and ownership.
Build partnerships with cross-functional stakeholders who are decision-makers for security initiatives.
Socialize and provide awareness of policies, standards, processes, and controls with relevant stakeholders.
Design a comprehensive Security Risk Management framework aligned with the business and security strategies.
Develop and manage Security GRC reporting metrics and dashboards.
Partner with engineering and operations teams on the business continuity and digital resilience program.
Identify, design, and implement process improvement initiatives to ensure scalability, allowing us to work smart and reduce repetitive tasks for customers and internal teams.
You should know a lot about:
Security governance, risk management and compliance engineering in cloud-native environments (GCP, AWS, Azure, Kubernetes, LogicGate, Secureframe, Jira, ServiceNow GRC).
Information security frameworks and standards (SOC 2, ISO 27001, ISO 27018, ISO 27017, ISO 22301, CISv8, CSA STAR and TISAX).
Securing the workforce of a remote-first organization.
Operationalizing Business Impact Assessments (BIAs) and Business Continuity Management Systems (BCMS).
Translating minimum viable policies into realistic and measurable controls. Read more here: https://grafana.com/blog/2021/12/20/the-values-behind-scaling-cloud-native-security-at-grafana-labs/
You should have some knowledge of the following:
Privacy regulations and frameworks (GDPR, CPRA/CCPA, CSA CoC for GDPR, Privacy Shield, SCCs, ISO 27701).
Corporate IT security operations, technology trends, and current cyber threat landscape.
Working with Solutions Engineers and GTM teams to provide adequate artifacts for customer requirements.
You should be able to demonstrate the following:
Passion for understanding our customers, open source community, products, culture, and business model.
A strong desire to learn in a rapidly growing and dynamic startup environment.
Ability to work closely with end users in a consulting or support capacity.
Excellent written and verbal communication skills.
Good interpersonal skills and the ability to build long-term business relationships.
BS/MS degree in engineering, computer science, or information security, or equivalent experience.
CISSP, CISA, CISM and/or other cloud security solutions certifications are a plus.