Sr. GRC Manager

Houston, Austin, Remote / Information Security / Full-time

About Us:

Cart.com is an ecommerce software and services company on a mission to democratize ecommerce and give digital merchants the freedom to grow. We are integrating all the pieces of the ecommerce value chain brands need to thrive, creating a truly end-to-end Ecommerce-as-a-Service platform that helps third-party brands move faster, grow more quickly, and deliver on their promises more completely.

The Sr. Governance, Risk, Compliance (GRC) Manager will oversee all GRC activities. This includes implementing policies, procedures, and standards to govern the protection of corporate information systems, networks, data, and third-party services. The Manager will stay up to date on the latest cybersecurity intelligence while managing privacy workflows to ensure the company meets regulatory compliance.

Responsibilities

    • Implement security program using industry standard frameworks that align to regulatory requirements and business objectives.
    • Perform risk analysis for systems, processes, third-party tools/applications, and configurations.
    • Improve security posture through process, policy, automation, and the continuous advancement of capabilities.
    • Partner with cross-functional teams to identify specific third-party risks and recommend appropriate risk treatment action plans with pragmatic solutions to risk and control issues.
    • Lead the day-to-day GRC function and mature the overall program.
    • Provide guidance to the Compliance team on certification efforts.
    • Manage, coach, and develop direct reports.
    • Provide guidance on process improvement.
    • Measure and report on the effectiveness of each program in your purview.
    • Manage compliance initiatives across the business (e.g., NIST, ISO 27001, SOC 2).
    • Manage Payment Card Industry Data Security Standards (PCI DSS) audits.
    • Manage security training and phishing campaigns to mitigate social engineering attacks.
    • Develop and monitor security incident management program to ensure effectiveness.
    • Assess incidents, vulnerability scans, patching status, secure baselines, and penetration test results.
    • Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
    • Partner with Legal on DPO/contract reviews, as well as privacy and security matters, as needed.
    • Manage privacy program/tools involving CCPA, CPRA, GDPR, etc.
    • Perform other related duties as assigned.

Experience

    • + years' experience in GRC management/leadership positions.
    • Experience in GRC programs (e.g., Technology Governance, Issue Management, Metrics Management, Third-Party Risk Management, Risk Profile).
    • Strong business and technical acumen and ability to lead executive level discussions about compliance and risk.
    • Ability to align GRC initiatives to business strategy.
    • Experience assisting legal and privacy on customer contractual reviews and engagements.
    • Understanding of IT policies, laws, standards, and frameworks applicable to the specific technical role (e.g., PCI DSS, ISO 27001/27002, and NIST CSF).
    • Experience creating and managing corporate policies.
    • Experience testing or auditing technical controls.
    • Creative problem solver and desire to learn.
    • Strong oral and written communication skills.
    • Experience working in an Agile environment preferred.

Education

    • Bachelor’s degree or equivalent work experience (Information Technology, Engineering, Cybersecurity, or a related technical field).
    • CISSP, CISA, CISM certifications or equivalent.
    • CIPP, CIPM, CIPT certifications or equivalent preferred.
    • Microsoft, public cloud technical certifications preferred.
    • ITIL Foundation certification preferred.

OUR CORE VALUES:

These aren’t just buried somewhere in an employee manual. We live and breathe them. They are on the walls and live in our hearts. They come up constantly in conversations and actions. They govern the decisions of the newest hire all the way up to our CEO:
 
WE ARE OBSESSED WITH BRANDS
We live for brands and are fanatical about their success.
 
WE THINK BEYOND THE BOX
We explore new ideas and discover creative solutions. We think openly about how to serve brands and solve problems.
 
WE DON'T GIVE UP
No one expected this to be easy. We are resilient; we dig in and keep going.
 
WE SPEAK UP
Every person here has an obligation to question norms, voice concerns, and offer their perspective.
 
WE WORK TOGETHER
We work with integrity and respect, ask for help, and extend the same help to others.
 
WE ARE HUMAN
Our people are our biggest strength. We have fun and make real connections with one another and with the brands we serve.
 

Cart.com is deeply committed to building a diverse and inclusive workplace. We’re proud to be an equal opportunity employer, seeking to identify and onboard people from all walks of life. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, family status, marital status, sexual orientation, national origin, genetics, neurodiversity, disability, age, or veteran status, or any other non-merit based or legally protected grounds.
