Director of Information Security GRC
At ASAPP, our mission is to solve complex and challenging problems by building transformative machine learning-powered products. We leverage artificial intelligence to address significant challenges that share three common characteristics: huge economic scale, systemic inefficiencies, and tremendous amounts of data. Our talented teams that drive our product innovation and development are located in New York City, San Francisco, Mountain View, and Buenos Aires.
We are seeking a Director of Information Security Governance, Risk and Compliance. Reporting to the CISO, the Director of Information Security GRC will work with the CISO, Chief Counsel, and other members of the company to develop and implement a GRC program that meets the requirements of ASAPP's enterprise customers and provides a level of assurance enabling ASAPP to stand out as the clear industry leader and a model to which others will aspire. ASAPP's vision is to not only provide compliant and secure enterprise solutions delivering core business value, but to also offer unparalleled value from a security and compliance perspective, leaving customers with exceptional strategic advantages.
What you'll do
- Develop and maintain a Rationalized Control Framework that meets the requirements associated with client contract terms and the standard of due care in their industries, including but not limited to NIST CSF, AICPA SOC 2, PCI DSS, HIPAA, GDPR, GLBA and FFIEC.
- Develop a target profile for the ASAPP's program maturity, aligned with the strategic objectives and timelines of the business.
- Develop, disseminate, maintain and ensure the adoption of Policies, Standards and Guidelines that are comprehensive with regard to the target profile, succinct and readable and reflective of an appropriate level of rigor.
- Work at all levels of the company to implement assurance processes in support of the Policies and Standards, innovating and automating where possible to achieve meaningful assurance outcomes in the most advantageous way possible.
- Conduct and coordinate internal and external risk and maturity assessments and audits (such as SOC 2 and PCI DSS), and report on progress, providing data and input for leadership, executive and board level presentations.
- Participate in the development of security terms in customer contracts--ensuring standardization and achievability to maximize efficiency and minimize risk.
- Respond to third-party inquiries, audits and reviews with accuracy and integrity ensuring professionalism and timeliness while leveraging rationalization, AUP's, innovative technology solutions, automation and pre-made materials to maximize efficiency, trust and customer satisfaction.
- Be active in the community and present your work at meet-ups and conferences, contributing to ASAPP's brand, supporting the Information Security talent growth, engagement and retention plan, raising awareness internally and furthering the evolution of the field of Information Security GRC for the common good.
- Manage and/or participate in both discrete and ongoing training programs and awareness campaigns to continually foster a culture of security among ASAPP personnel.
- Advise leadership and personnel with regard to the inherent and residual compliance and security risks associated with strategic initiatives, partnerships, products, and projects.
- Develop an efficient and effective third-party/vendor security risk management program, whereby an acceptable level of risk is maintained. Utilize technology and automation to add the greatest possible efficiency while achieving the appropriate level of assurance.
- Develop and maintain a comprehensive compliance calendar detailing all time bound compliance activities and ensure they are completed in a timely manner.
- Procure and schedule all applicable third party assessment activities, including network and application penetration tests, table top exercises and threat assessments, coordinating other teams and gathering input as necessary.
- Procure, coordinate and maintain third-party forensics retainers, and work with Legal to procure and maintain cyber insurance and relevant legal retainers with cyber counsel.
- Provide support, coordination and communication assistance as needed to the Incident Response Team and the Incident Response Leader when demanded by security incidents.
- Competitive compensation
- Free lunch daily
- Fully stocked kitchen and snack room
- Fitness and wellness perks
- Learning and development opportunities
ASAPP is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, disability, age, or veteran status. If you have a disability and need assistance with our employment application process, please email us at firstname.lastname@example.org to obtain assistance.