GRC Assessments Officer at Socure (Remote)
Socure is redefining identity verification with groundbreaking technology, supporting myriad organizations with the most accurate authentication tools in the industry.
What we build helps businesses scale faster, stop fraud, and ultimately allows millions of people who are excluded from the digital economy (due to outdated fraud detection models) to take part in it like everyone else.
Our culture is about innovation, winning, and customer obsession. We are full of top performers that prioritize excellence and results, as well as support for one another, on the path to achieving our mission: to verify 100% of good identities in real time and completely eliminate identity fraud for every applicant on the internet.
To learn more about working at Socure visit our career page here: https://www.socure.com/company/careers
What the role is:
We are looking for a GRC Assessments Officer in the Governance, Risk, and Compliance (GRC) Group to be based anywhere remotely in the USA.
Our GRC team has the unique opportunity and visibility to actively partner with departments across Socure, taking a holistic view of the whole company and reducing risk. We are responsible for the operations and oversight of company policies, practices, and procedures, and for translating the requirements of legal, regulatory, and contractual obligations into real solutions.
This role reports to the Sr. GRC Officer within the larger Governance, Risk & Compliance Team.
What You'll Do:
- Support initiatives individually and as part of a larger GRC group to keep pace with a high-performance fast-growing data-driven company
- Respond to Security Questionnaires and RFPs arising from Socure’s prospects and existing customers.
- Execute IT Security controls, evidence gathering and approvals, ahead of customer reviews
- Present evidence on scheduled customer calls and walk through existing internal processes
- Join customer calls during ongoing assessments, as needed, to provide additional information or clarification about our environment and existing practices
- Collaborate and coordinate with internal contributors and Subject Matter Advisors (SMAs) to ensure that overall responses are complete, accurate and delivered on time.
- The position requires collaboration with multiple teams internally so we are looking for an individual with high initiative that has demonstrated the ability to work collaboratively in a team environment.
- The candidate must be detail-oriented and have excellent communication, writing and organizational skills.
- Support fellow Socureans with technical GRC-related questions and topics and suggest solutions that minimize Risks to the success of Socure.
- Work with the GRC group to create, enhance, support, and enforce company policy and practices for risk mitigation
- Evaluate risks — known and unknown — within the company and its operations in accordance with known industry frameworks (ISO, NIST, etc.)
- Review, modify, and maintain existing practices and policies to reflect our operations and values within specific industry-standard frameworks (e.g., ISO, NIST, et al.)
- Assist with annual external audits (SOC 2, ISO, etc.) as needed
- Other Ad-Hoc GRC initiatives, as required.
What You'll Bring:
- 3+ years IT security, IT risk, IT auditing, and/or IT compliance experience within a technology company, accounting firm, or other company operating in heavily regulated environments
- 2+ years of experience responding to Customer and Prospect Due Diligence Questionnaires and assisting with or leading onsite (virtual) assessments
- Bachelor’s Degree or Equivalent Work Experience evaluating risk across data and privacy
- Exceptional organizational skills
- Near-Uncanny attention to detail
- Ability to work independently, adjust priorities, and work in a continuously changing environment
- Extremely strong written and verbal communication skills
- Able to oversee and manage multiple projects simultaneously
- Must have familiarity with a majority of the following:
  - AWS (IaaS - Infrastructure-as-a-Service)
  - SaaS-based services and systems
  - Authentication systems and schema
  - Cloud-based hosting and virtualized networked systems
  - Code Development methodologies and environments
  - Database security
- Familiarity with related standards: AICPA (SSAE16/SOC reporting), ISO (27001 and associated certifications), NIST, and HITRUST frameworks, etc.
- Anticipated travel: 15% per year post-COVID; remote work is expected at this time
- Regulatory knowledge, including data handling policies and procedures within and outside of the U.S., a plus
- Familiarity with different tools used in the Information Security space including but not limited to: SIEM Tools, OneTrust, JIRA, etc.
- Familiarity with RFP/RFI software, e.g., Loopio, RFP.io, etc.
- Security or privacy certifications (CISA, Security+, CIPP, etc.)
- Competitive base salary
- Equity - every employee is a stakeholder in our upside
- Medical, dental and vision benefits for employees and their dependents
- Parental leave and fertility support
- Flexible PTO
- 401K with company match
- Stipend to supply your home office
- Annual professional development stipend
Socure's number one priority is to safeguard the health and well-being of our team members, our families and our communities. During this unprecedented time, we are closely monitoring COVID-19 developments and updating our response plan quarterly. We are regularly soliciting feedback from our employees to help inform our return-to-office strategy. For our team members who loved going into the office, we are looking forward to meeting once again! But until then, we are striving to ensure that Socureans have the resources and support they need to excel from home. This includes a work-from-home stipend so you can build your home office and fun, virtual events so you can continue to feel connected to your coworkers.
We are an equal opportunity employer and value diversity of all kinds at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.