Key skills
KanbanRisk ManagementOKRs
About this role
Role Overview
- Proactively and consistently manage the Tanium’s mission critical compliance frameworks, including ISO 27001, SOC2 Type 2, FedRAMP, and other frameworks
- Develop, enhance, and operationalize security, risk and privacy policies as well as associated business processes to mitigate risk and comply with applicable laws and regulations
- Own and manage the Tanium’s risk quantification & management program
- Own and manage GRC’s role in responding to client audit and RFP/RFI requests in a timely and effective manner
- Own and implement a vision for GRC tactics and methods which scale with Tanium’s business needs and balance efficient execution with comprehensive and repeatable processes
- Manage, support and inspire a team of GRC professionals
- Oversee third party technical risk assessments and related audit activity
- Serve as a subject matter expert for information security risk management principles and practices
- Collaborate with executives and key stakeholders across Tanium to review projects, assess business critical systems and ensure compliance with compliance frameworks and data privacy laws
- As necessary, perform and advise on privacy impact assessments
- Perform internal technical risk assessments/audits
- Proactively assesses potential items of risk and opportunities
- Promote a culture of information security across all business units
- Understand the role of systems and technology within the firm and the value they deliver to the business
- Stay abreast of impending changes to compliance & regulatory frameworks to guide annual planning cycles
Requirements
- Bachelor's Degree in Computer Science, IT or other relevant degree or equivalent work experience
- 7+ years of experience in Information Security and/or Data Privacy Compliance positions
- Practical, hands-on expertise implementing and managing Federal compliance frameworks such as FedRAMP, CMMC, etc.
- Deep expertise in common compliance standards, eg. ISO27001/270017/270018, SOC 2, NIST CSF
- Bonus points for hands-on, practical knowledge of PCI DSS
- Strong knowledge of the global data security regulatory environment
- Strong knowledge of global privacy regulations and requirements (eg. CCPA, GDPR, HIPAA, PIPEDA, UK DPA and Privacy Shield, and others)
- Highly skilled at making analytical risk-based decisions and recommendations
- Demonstrated ability to convey complex information in a clear and concise manner both verbally and in written form
- Demonstrated ability to engage directly with auditors and customers and address sensitive situations
- Demonstrated track record of managing a team of highly motivated, independent analysts/SMEs
- Experience with Objectives and Key Results (OKRs) and/or kanban principles
Benefits
- medical, dental and vision plan
- family planning benefits
- health savings account
- flexible spending account
- transportation savings account
- 401(k) retirement savings plan with company match
- life, accident and disability coverage
- business travel accident insurance
- employee assistance programs
- disability insurance
- other well-being benefits