InfoSec Governance Risk and Compliance Lead (Cybersecurity)
Job description
TL;DR
InfoSec Governance Risk and Compliance Lead (Cybersecurity): lead information security risk and compliance initiatives so that the company stays aligned with recognized security standards, with an emphasis on GRC strategy, third-party risk management, and SOC 2 audit cycles. The role focuses on streamlining security reviews in procurement, running the technology risk management process, and scaling the GRC function within a B2B SaaS environment.
Location: Remote (Must be based in Australia or the following US states: CA, MD, MA, IL, OR, WA, CO, TX, FL, PA, LA, MO, DC)
Company
is a fast-growing B2B SaaS company specializing in cybersecurity and third-party risk management.
What you will do
- Drive the GRC strategy and take primary ownership of technology and cybersecurity risk.
- Lead Third-Party Risk Management (TPRM) evaluations and embed security reviews into the procurement lifecycle.
- Own the annual SOC 2 Type II audit cycle, including design and coordination of remediations.
- Architect and maintain the technology risk management process and deliver executive-ready reporting.
- Draft and maintain a robust framework of InfoSec policies, standards, and guidelines.
- Implement company-wide security awareness and compliance training programs.
Requirements
- 4+ years of experience in Information Security, IT Audit, or GRC within a technical, cloud-based landscape.
- Hands-on expertise with modern GRC platforms and Third-Party Risk Management (TPRM) tools.
- Experience partnering with legal and procurement teams to review vendor contracts, security exhibits, and data-protection terms (e.g., GDPR/CCPA).
- Ability to translate complex technical risks into clear business impacts for diverse stakeholders.
- Must be based in Australia or the US states of CA, MD, MA, IL, OR, WA, CO, TX, FL, PA, LA, MO, or DC.
Nice to have
- 6+ years of experience, including 2+ years in a lead or senior capacity in B2B SaaS.
- Proven track record of leading SOC 2 Type II, ISO 27001, or NIST audits from scratch.
- Professional certifications such as CISA, CRISC, CISM, or CISSP.
- Experience scaling GRC functions within a rapidly expanding global startup.
Culture & Benefits
- Fully remote working environment with available physical offices in Sydney and Hobart.
- Annual $1500 USD Learning & Development allowance.
- Monthly lifestyle subsidy and WFH set-up allowance.
- 18 weeks of paid parental leave and generous personal/sick leave.
- Provision of top-spec hardware and paid subscriptions for generative AI tools.