Senior Manager, GRC & Privacy (Remote) at Deepwatch, inc.
Who We Are
Guided by our Core Values, Deepwatch is securing the digital economy by tenaciously protecting enterprise networks - everywhere, every day. Our team, many of the most technically astute minds in cybersecurity, serves an impressive list of Fortune 500/Global 2000 companies. Our success is driven by our unique IP, Cloud SecOps platform and strategic partnerships with industry-leading technology vendors. Deepwatch is:
- CISO Choice Awards: MSSP Winner 2020 & 2021
- Great Place to Work® Certified 2020
- Goldman Sachs portfolio company: $53m Series B investment 2020
- Splunk Partner: #1 Volume MDR/MSSP - Splunk Managed SIEM
- Forrester: Top 10 MDR
What We Do
Deepwatch's innovative cloud platform and borderless SOC extends our customers' cybersecurity teams and proactively protects their brand, reputation and digital assets. Our powerful analytics platform analyzes billions of events each month and is trusted by hundreds of leading global organizations to provide 24/7/365 managed security services. We have developed some of the coolest, most innovative IP in the industry and we're expanding our platform by investing extensively in research and development.
What We Offer
- Choice of medical, dental and vision plans with Deepwatch paying 100% of premium for HDHP medical and dental along with a very generous portion for dependents
- FSA (Medical and Dependent) and HSA with employer contribution
- Employer Paid Life Insurance, Short Term Disability and Long Term Disability
- Supplemental Life/Critical Illness/Accident
- Generous Paid Time Off, 9 company holidays, 2 floating holidays
- 8 Weeks Paid Parental Leave
- Wellness contests and monthly educational programs (award-winning at that)
- Employee Assistance Program available to an employee's entire household, free and confidential, available 24/7 with 6 face-to-face counseling sessions
- Employee Discount Program
- Great Place to Work Certified
- Outstanding Rating on Glassdoor
- 100% Remote-First
- Very competitive salary
- Stock Options for all employees
- 401k with company match
- $2,400 annual stipend for Cell/Internet
- Annual all expense paid CKO trip
- Chairman's Club
- Employee and Customer Referral Bonus Programs
- Mentoring Program
- Limitless career progression and commitment to promoting from within
- $3,000 first year in Professional Development, increasing to $6,000 annually thereafter
- Company-wide initiatives, such as supporting https://www.stemforher.org/
- Paid Time Off for voting and volunteering
- Employee Affinity Groups: Supportive internal networks like Women of Deepwatch
- Annual credit to Deepwatch Swag Store
- Peer Recognition Program (Radical Performer)
- Having a blast! Monthly All Hands and Ask Me Anything calls, interactive wellness programs, social events, cross-functional initiatives, annual Company Kick Off event, and department offsite meetings, to name a few
Senior Manager, GRC and Privacy
Deepwatch is committed to providing our customers with peace of mind by effortlessly extending their cybersecurity capabilities through the deepwatch SOC cloud platform. By building a service using modern technologies, we provide our customers with a fast and scalable solution to their security needs.
As the leader of the GRC and Privacy team, and a member of the Information Security Team, you're helping build a strong foundation for deepwatch. You know what awesome looks like, you understand scalable risk management and compliance frameworks, and you know that, implemented correctly, they can add tremendous value for our employees and customers. You can enable deepwatch to change for the better by adopting proactive rather than reactive ways of handling privacy and compliance, as an influential leader who helps us see around the next corner as we scale the business.
Let's face it: managing risk, compliance and privacy isn't an easy task. We're constantly surrounded by more check-boxes and frameworks than we know what to do with. At deepwatch, we're focused on using efficient, scalable and automated systems to make the process simple, intuitive and easy for the business to understand and adhere to. If this sounds like something you're all about, come join us. We're passionate about the experience and about creating a more secure environment for our employees and, by extension, our customers too.
- Work with the CISO to develop and lead a strategic roadmap for the GRC and Privacy function
- Build a strategic and comprehensive privacy program that defines, develops, implements and maintains policies and procedures that enable consistent and effective privacy practices
- Implement privacy and compliance controls through a unified approach that reduces overall risk and friction for our employees, prospects and customers
- Maintain a strong understanding and awareness of legislative and regulatory changes to ensure compliance
- Work with go-to-market functions to ensure that privacy and compliance interests are adequately represented and addressed
- Conduct ongoing internal compliance monitoring activities to ensure we're walking the walk and living up to our own commitments
- Drive overall budget for software, professional services, consulting and headcount as it relates to GRC and Privacy
- Work with key stakeholders to identify gaps and perform risk assessments in adherence to applicable frameworks
- Establish, get buy-in and support for strategic roadmaps to close gaps and align processes to compliance requirements
- Communicate program and deliverable milestones, escalations and any potential short-falls to relevant stakeholders
- Monitor and evaluate applicable and ever-changing laws and regulations, rules and guidance to help maintain compliance and alignment with deepwatch goals
- Conduct org-wide compliance and privacy training, ensuring our people are armed with high-value and actionable information to be successful in their day-to-day roles
- Ensure we're doing more than just running yearly audits, but staying the course related to SOC 2, PCI DSS, HIPAA, TRUSTe and GDPR throughout the year
- Support our employees by educating them about proactive security and enabling security and privacy by design
- Create informed and actionable metrics so we can better understand how we're meeting our commitments and improving our customers' trust in our products and services
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Required Experience, Skills and Knowledge
- Working with legal teams, making tradeoffs and coming up with solutions to customer needs
- 8+ years of Information Security experience, with 2+ years of GRC leadership experience
- Hands-on experience with implementing GRC/Privacy programs
- Strong understanding and working knowledge of strategy, governance, risk and compliance frameworks
- Demonstrated experience successfully creating and executing a strategic privacy and compliance roadmap
- Experience with security and compliance requirements of cloud infrastructure, such as AWS and Azure
- Strong knowledge and understanding of SOC 2 and GDPR
- Work with third parties, in support of vendor security assessments, ability to make risk-based decisions and tradeoffs
- Ability to measure the effectiveness and maturity of the program using metrics and tools such as Snowflake and Tableau
- Thorough documentation abilities and process adherence mindset, with the ability to tailor solutions that are practical and low friction for employees, prospects and customers
- Ability to pass a pre-employment background and drug screen in accordance with applicable laws
Preferred Experience, Skills and Knowledge (bonus points, but not required)
- CIPT, CIPP/US, CISA or CISSP are nice-to-haves but not required
- ISO 27k series, TRUSTe, PCI and HIPAA experience is a plus but not required
- Experience working with tools such as LogicGate, Google Workspace, Slack and other modern cloud-native platforms
- Experience with implementing FedRAMP or associated controls
Colorado* Candidates:
Minimum salary of $136,000 + bonus + commissions + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.
*Note: Disclosure as required by SB19-085 (8-5-20) of the minimum salary compensation for this role when working remotely from the state of Colorado.
Equal Opportunity Employer
Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
"This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:
- A citizen of the U.S.;
- A lawful permanent resident of the United States;
- A person admitted to the United States as a refugee; or
- A person that has been granted asylum by the United States government."
The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.