Governance, Risk and Compliance (GRC) Manager

TRICENTIS

Atlanta, GA
Full Time
Paid
    Responsibilities

    Job Description

    Company Description

    With the industry’s #1 CONTINUOUS TESTING PLATFORM, Tricentis is recognized for reinventing software testing for DevOps. Through agile test management and advanced test automation optimized to support 150+ technologies, we provide automated insight into the business risks of your software releases, transforming testing from a roadblock to a catalyst for innovation. The result is accelerated software delivery speed, improved cost efficiency, and reduced business risk.

    Tricentis is the only vendor to achieve “LEADER” STATUS in all three top analyst reports (i.e., the “Triple Crown”). This honor is based on our technical leadership, innovation, and a Global 2000 customer base of 1500+ companies, including global enterprises such as Allianz, Cisco, Dolby, First Data, HSBC, Office Depot, Samsung, Starbucks, Vodafone, Whole Foods, and WorldPay. Customers rely on Tricentis to achieve and sustain test automation rates of over 90 percent—increasing risk coverage while accelerating testing to keep pace with Agile and DevOps.

    Tricentis has a GLOBAL PRESENCE in Austria, Australia, Belgium, Denmark, Germany, India, Netherlands, Singapore, Switzerland, Poland, the UK and United States.

    SUMMARY: The Governance, Risk, and Compliance Manager is responsible for assessing and documenting Tricentis’ compliance and risk posture as they relate to its information assets.

    The purpose of this position is to provide highly skilled technical and information security expertise for the development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as the expertise to ensure effective system-wide security analysis; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.

    DUTIES AND RESPONSIBILITIES:

    LEADERSHIP

    • Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.
    • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for product, computer, and network security.

    RISK

    • Lead the development and implementation of the organization-wide risk management function of the information security program to ensure information security risks are identified and monitored.
    • Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the Company's information and technology systems.
    • Evaluate vendor risk and participate in the vendor management process.

    POLICY/COMPLIANCE

    • Lead the organization-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
    • Assist in the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data, ensure information security and compliance with relevant legislation and legal interpretation, and maintain alignment with business objectives.
    • Execute the strategy for dealing with the increasing number of audits, compliance checks and external assessment processes from customers and external auditors relating to effective security practices, ISO 27001/2, SOC 2, and potentially FedRAMP.

    OUTREACH/AWARENESS

    • Interact, in both oral and written communications, with all levels of Company staff, including IT, engineering, senior leadership, general counsel, auditors, customers, and technology vendors and contractors, in matters related to information security.

    AUDIT

    • Work with customers, external auditors, and outside consultants as appropriate on required security assessments and audits.
    • Coordinate and track all information technology and security related audits including scope of audits, parties involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provide guidance, evaluation and advocacy on audit responses.

    PROBLEM-SOLVING SKILLS

    • Must be able to assess computer hardware, software, and systems for security risks or violations and work with company staff and technology vendors to recommend solutions. Must be able to assess the status of complex multi-location projects as well as identify and track appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.

    SECURITY AWARENESS

    • Manage the security awareness training program and strategies to address awareness and training for all stakeholders as well as technical solutions.

    CONTINGENCY PLANNING (IR, BC, DR)

    • Assist in the development and implementation of Business Continuity Planning and testing.

    Qualifications

    • 5 years of advanced IT skills with a high level of information security experience and expertise
    • Knowledge of information security risk management frameworks and compliance practices, including ISO 27005 and NIST 800-30
    • Knowledge of securing network technologies, client, and server operating systems
    • Ability to develop security standards and guidelines based on best practices and industry standards
    • Excellent interpersonal, communication, and presentation skills, including formal report writing experience
    • Understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 2, ISO 27001/2, GDPR)
    • Security awareness training
    • BCP development and testing

    Preferred Qualifications

    • Bachelor’s degree in information technology or other related field
    • Skills in documenting risk and compliance activities
    • Information security related training or certifications such as CISSP, CRISC, or CISA
    • Experience performing information security audits or risk assessments
    • Familiarity with security auditing processes
    • An understanding of policy development and dissemination

    Additional Information

    We offer:

    • Market conform salary + success-oriented bonus
    • Favorable working atmosphere in a rapidly expanding company
    • Personal and professional development
    • Corporate travel insurance (CTI)
    • Variety of career opportunities and a wide range of tasks
    • Permanent, full-time employment

    Tricentis is proud to be an equal opportunity workplace. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.