GRC Director - Product
TrustCloud (https://www.trustcloud.ai) is on a mission to make it effortless to earn trust in every business relationship. We believe that if your customers trust you, they will do more with you. TrustCloud transforms Governance, Risk, and Compliance (GRC) into Trust Assurance. Trust Assurance is re-thinking GRC workflows using AI and API-based automation to lower cost by 70%, accelerate revenue by 60%, and reduce board of directors and business liability. With TrustCloud’s predictive intelligence and programmatic verification, SMBs and enterprises automate how they meet their customer, audit, and governance commitments so they can stay secure and grow their business. With the fastest, most cost-effective way to get audit-ready, answer security questionnaires and manage risk, TrustCloud turns GRC into a profit center. TrustCloud is used by over 700 companies, and is the inventor of the Trust Assurance space.
About the Role
Position: Full time
Reports to: CTO
Location: This role will be primarily remote, based in the USA (work from home)
The Team Will Rely On You To:
- Develop TrustCloud’s Common Control Framework by designing common controls based on NIST 800-53, and mapping them to a diverse set of frameworks and standards.
- Develop testing and evidence strategies for TrustCloud’s Common Control Framework, and deploy them to our product catalog to be used by customers.
- Develop Risk Frameworks, in conjunction with our advisors, which include a set of Risks, Controls, and Policies focused around a particular issue, such as AI, ransomware, and supply chain.
- Provide input and leadership as the voice of the GRC expert in TrustCloud’s new product features and capabilities.
- Develop product guides, in conjunction with our technical writers, that teach our customers best practices.
- Implement design-partner projects with cutting-edge customers in a hands-on fashion.
- As a secondary role, occasionally provide training for our consulting and audit partners, and our support and customer success teams.
- Experience with one or more compliance frameworks (SOC 2, ISO 27001, HIPAA) and security frameworks, such as NIST 800-53 and NIST CSF.
- Experience working in the GRC product industry, or having developed internal GRC tools for a mid-size or large company.
- Experience owning a GRC program at a mid-size or large company is a plus.
- Knowledge and understanding of privacy frameworks and regulations such as GDPR and CCPA is a plus.
- Experience performing risk assessments.
- Experience with audits and audit preparation for companies running in a cloud/SaaS environment. Auditor experience is a plus.
- An understanding of cloud infrastructure, including familiarity with core concepts, setup, and configuration (at least one of AWS, Azure, GCP).
- One or more certifications, such as CISA, CISM, or CISSP. Although not required, they are common for professionals in the space.
- An ability to manage multiple priorities at a time — good organization, time-management, and attention to detail.
Do You Align With Our Values?
TrustCloud’s values are resilient THREADs that are stitched into the very fabric of our culture.
- TRUST: We strive to continuously earn the trust of our team, customers, investors and all other stakeholders - proving we are dependable.
- HEALTH: We are diligent caretakers of the health of the business, but never prioritize it over the mental and physical health of our team.
- RESPECT: We are passionate about being respectful and courteous. There’s no excuse for being a jerk.
- EVIDENCE BASED DECISIONS: Our strategy and operations are driven by evidence, which we collect from our customers, product, team, and partners.
- ACTION ORIENTED: Each person is empowered to own things and make decisions, rather than wait for consensus.
- DIVERSITY: We work hard to nurture a team that is diverse in identity, belief, background, thought, and experience. Our diversity makes us stronger.
How do we find candidates?
We celebrate diversity at TrustCloud. To joyfully craft a product that is loved by everyone, we need a team with all kinds of different perspectives, experiences and backgrounds. That's why we're committed to hiring people from different backgrounds, race, religion, national origin, gender identity, sexual orientation, age, disability or veteran status. We understand that applying for a new job takes a lot of work and we really value your time. We are really looking forward to reading your application!