Security Compliance Strategist
As a Security Compliance Strategist you are in a leadership position within the Engineering organization – to partner with Engineering, Product Management, Technical Operations, IT, Internal Audit & Customer Experience teams to build and deliver key projects and programs. You will be the point person for clarifying strategic level goals, and outlining the execution plans to achieve them. Employing both a strategic focus, as well as a tactical approach is a must in this role. You will play a critical role in the delivery of a wide range of initiatives – from small, quick wins, to lengthy and complex compliance programs. The ideal candidate will have strong program / project management experience in a SaaS/mobile and agile environment.
Key Responsibilities
- Manage compliance projects across multiple teams, including operations, IT, IA and development
- Perform internal security compliance audit activities
- Perform external vendor security assessments
- Respond to sales security questionnaires and enable the business
- Advise internal business stakeholders on risk and compliance requirements and work in cross-functional partnership to help ensure those requirements are met
- Clearly explain our security compliance program to third parties, including customers and vendors
- Develop and produce security and compliance reporting that are meaningful and actionable for both technical/engineering and executive management audiences
- Develop and submit audit and compliance reports to governing bodies, legal entities, and/or external authorities
- Interpret applicable local and federal information technology laws and its impact on Grab's business
- Structure and kick-off continuous and/or time-bound programs within the Engineering organization by clarifying priorities, enabling the execution of deliverables, defining process flows, and providing continuous transparency
- Lead engineering initiatives to obtain industry compliance certifications
- Take a hands-on approach and partner with engineering team leads and managers to implement and adopt processes and procedures in accordance with compliance standards
- Lead the introduction of new processes / workflows, by creating and bringing proposed solutions to the teams. Work collaboratively to roll-out iteratively
- Build and maintain alignment across multiple teams for keeping a focus on execution, continuous improvement, and operational excellence
Desired Skills, Experience & Qualifications
- 5-10 years of experience in an equivalent risk and technology compliance related role
- Familiar with industry compliance standards as they relate to Software as a Service, such as SOC 1, SOC 2, PCI DSS, ISO 27001, ISO 27018
- Hands-on and proactive approach to unblock progress, introduce efficiencies, and provide workflow solutions
- Solid knowledge and understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
- Anticipate and mitigate risks – by having close involvement with teams’ goals and challenges, applying past experience, and keeping in mind the big picture
- Familiarity with Cloud Computing and Software as a Service
- Keen attention to detail and accuracy
