Director, Governance, Risk & Compliance
Who We Are
Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attack. Our combination of market-defining technology, processes, and expertise are preventing breaches every day. We are completely changing the way security is delivered and setting the new standard for security. If our mission resonates with you, let’s talk!
What We Believe In
- Do what’s right for the customer
- Be kind and authentic
- Deliver great quality
- Be relentless
Challenges You Will Solve
At Red Canary, the protection of our customers and their data is of the utmost importance. Red Canary’s Governance, Risk & Compliance (GRC) team ensures that our people, platforms, and data remain secure from all forms of harm. As the Director, GRC, you will help ensure that our controls, policies, and procedures are designed and executed to deliver the best possible outcomes for Red Canary and our customers. The Director, GRC is responsible for overseeing the entire scope of Red Canary’s GRC program.
What You'll Do
- Create and maintain information security policies, standards and controls
- Oversee the technical risk management process, including risk analysis and mitigation activities
- Implement and run procedures and controls to assure compliance with applicable regulatory and legal requirements
- Owns the SOC 2, ISO 27001, ISO 27701, and other external audit processes
- Manage the technical Internal Audit program
- Manage periodic technical security assessments against Red Canary’s infrastructure and products
- Manage our privacy program, and relationship with the legal department in regards to privacy practices
- Create and maintain customer-facing security program documentation
- Assist sales and legal with customer contractual negotiations in relation to security requirements
- Provide leadership for incident response activities
- Facilitate the business continuity and disaster recovery programs
- Provide leadership on Vulnerability Management, and Training & Awareness programs
- Lead the vendor risk management program
- Work closely with other Trust team members in completing cross functional projects
- Provide reporting and metrics to senior leadership
What You'll Bring
- Experience applying security frameworks such as ISO 2700x, NIST 800-53 or the NIST Cybersecurity Framework
- Subject matter expertise developing, executing, and sustaining company-wide programs, policies, and procedures
- The ability to speak the language of auditors, but you can articulate modern technological paradigms (i.e., infrastructure-as-code, CI/CD, etc.)
- Experience managing a team in a fast paced environment
- Understanding of the unique risks presented by cloud-native architecture, and compliance and audit strategies for environments heavily reliant on SaaS
- Outstanding written and verbal communication skills
Targeted base salary range: $170,000 - $200,000 + bonus eligibility and equity depending on experience
Why Red Canary?
Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity in order to do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way.
At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary:
https://redcanary.com/wp-content/uploads/2021/01/Benefit-Summary-Red-Canary.pdf
Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.