Information Security Risk and Compliance Lead at Guild Education
Guild is hiring an Information Security Risk and Compliance Lead. This role reports to the Chief Information Security Officer and will be responsible for assisting the group with risk assessments and management, ensuring Information Security policies and procedures remain relevant and up to date, interfacing with audit, IT, and software engineering groups to ensure Guild is compliant with SOC I & II, NIST 800-171 and FERPA controls, and collaborating with other departments to ensure compliance with policies and procedures is maintained.
The ideal candidate will be a self-starter with good written and verbal communication skills and project management skills, and will be fluent in risk management, audit and compliance principles and processes.
As Information Security Risk and Compliance Lead, you will:
- Lead the Information Security Governance, Risk, and Compliance group.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for Guild's data and information technology systems.
- Assist in ongoing risk assessments and analysis of new and upcoming projects or controls.
- Maintain and coordinate policy and procedure reviews, and coordinate training and communication to ensure all Guilders meet compliance requirements.
- Assist in coordinating with Guild’s external auditors regarding organization controls (SOC I & II) and coordinate the resolution of identified gaps.
- Work closely with IT leaders, technical experts, deans and administrative leaders across Guild on a wide variety of security and compliance issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit’s administrative, academic and research areas.
- Drive the identification of risks, associated controls and their treatment, communicating and working with engineering leadership to develop remediations to risk.
- Partner with the compliance analysts, security engineers, engineering leadership and other key stakeholders to ensure risks are appropriately shared, managed and reported.
- Create and maintain policies, standards, procedures and guidelines that adapt to the changing InfoSec landscape.
You are a strong fit for this role if you have:
- Previous experience in defining and writing controls, understanding of IT General Controls (ITGCs).
- Practical hands-on experience in a Risk Management environment
- Data Governance, Information Security and Compliance knowledge
- Basic knowledge of NIST requirements
- Foundational understanding of Cloud infrastructure concepts
- Experience reviewing cloud technologies (AWS, Heroku, Salesforce) and DevOps environments
- SOC 1 and 2 experience
- Experience using NIST 800-171 or 800-53 as a framework
- Working knowledge of Data Privacy and compliance requirements (GDPR, CCPA, HIPAA, etc.)
- Experience with ITGCs as related to SOX.
Guild is increasing economic mobility for working adults by partnering with the largest employers in the country to offer education as a benefit to their employees via our marketplace of nonprofit universities and education institutions. Guild’s proprietary technology platform facilitates the administration of this innovative benefit and our team of coaches helps each employee navigate the path back to school, providing individualized support from day one through program completion.
We also just became the latest female-led company to hit a $1 billion valuation and the only B-corp with those qualifications. Our Series D round was led by Ken Chenault, General Catalyst Partners chairman and former CEO of AMEX, and joined by Emerson Collective, LeadEdge Capital, and Iconiq.
Guild Education is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.