Checkr’s mission is to build a fairer future by improving understanding of the past. We believe all candidates, regardless of who they are, should have a fair chance to work. Established in 2014 and valued at $2.2B, Checkr is using technology to bring hiring to the next level. Our People Trust Platform uses artificial intelligence and machine learning to help thousands of companies modernize their background check process and make hiring safer, more efficient, and more inclusive. Some of our customers include, Uber, Instacart, Doordash, Netflix, Compass Group, and Adecco.

A career with Checkr is an opportunity to work with some of the best and brightest minds, disrupt an industry for a better future, and give otherwise overlooked candidates access to employment. Checkr has been recognized in Forbes Best Startup Employers and is a top Y Combinator company by valuation. 

Checkr is looking for an Senior Program Manager to lead the operationalization of security compliance programs to support various compliance regulations we need to comply with. This person will lead a team of security risk assessment specialists who will focus on performing risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, vendor assessments and other requests from the business.

What a typical week may look like at Checkr 

• Work with various operational teams across Checkr to drive towards a cohesive view of security risks. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders and their leadership regarding their open items.
• Monitor the security risk profiles of our vendors to objectively determine high risk vendors that require additional review.
• Maintain up-to-date detailed knowledge of the information security industry, including awareness of new or revised security solutions, improved security processes and the identification of current and new attacks.
• Conduct security audits and assessments, analyze results, identify remediation activities and/or compensating controls and track remediation efforts to completion.
• Develop metrics to measure and track compliance, risk and the effectiveness of the information security program.
• Respond to customers or other third-party inquiries.
• Identify security issues and provide the appropriate resolution or make recommendations to Sr. Management on how to resolve or identify compensating controls related to security findings.
• Participate as a member of the Incident Response Team by conducting forensic analysis and troubleshooting to assist in the containment and remediation of security incidents.
• Network traffic analysis, log analysis, prioritization and differentiation between potential intrusion attempts and false alarms.

What we value in a Senior Security Compliance Program Manager

• 5+ years working in governance, risk and compliance and/or information security and risk management.
• You have general knowledge across all of GRC, with focused expertise in your area.
• You have worked with both business and technical risk and understand how to translate between the two and communicate to various levels of technical and business management.
• You have familiarity with some relevant security frameworks such as FedRAMP, ISO 27001, SOC1/2, PCI, etc.
• Knowledge of common security certifications (i.e. ISO 27001, SOC1, SOC2) and ability to assemble significance from findings identified in these reports.
• Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
• You have built productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance and other stakeholders.
• You have relevant knowledge of network engineering, systems engineering and related device engineering if appropriate as appropriate for your focus area.
• Knowledge of, or experience working with, Cloud technologies/environments, AWS is a plus
• Knowledge of infrastructure, network, engineer, programming is a plus
• Strong knowledge of security risk management frameworks including related regulatory compliance requirements (NIST CSF & 800-53, ISO27001, SOC, HITRUST, HIPAA, FedRamp, PCI, GDPR, etc.)
• Ability to communicate risk methodologies and concepts to the business unit and IT.
• Demonstrated experience with controls definition, development, implementation and assessment.
• Demonstrated experience leading and executing security assessments.
• Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
• Strong attention to detail, project management and organizational skills.

What you get

• A fast-paced and collaborative environment
• Learning and development allowance
• Competitive compensation and opportunity for advancement
• 100% medical, dental and vision coverage
• Unlimited PTO policy
• Gym membership, transportation reimbursements

*The base salary for this position will vary based on geography and other factors.  In accordance with Colorado law, the base salary for this role if filled within Colorado is $94,000 - $110,000.

Equal Employment Opportunities at Checkr

Checkr is committed to hiring talented and qualified individuals with diverse backgrounds for all of its tech, non-tech, and leadership roles. Checkr believes that the gathering and celebration of unique backgrounds, qualities, and cultures enriches the workplace.   

Checkr also welcomes the opportunity to consider qualified applicants with prior arrest or conviction records. Checkr’s commitment to diversity extends to hiring talented individuals in spite of a prior criminal history in accordance with local, state, and/or federal laws, including the San Francisco’s Fair Chance Ordinance.

#LI-Remote