
51 - 200 employees
Founded 2012
🔒 Cybersecurity
☁️ SaaS
🏢 Enterprise
UpGuard is a comprehensive third-party risk and attack surface management platform. The company provides solutions for vendor risk management, including features like automated risk assessments, security ratings, and data leak detection. UpGuard's platform integrates AI to enhance security questionnaires and provides real-time alerts, ensuring continuous monitoring and complete visibility of security postures. Its services are utilized by industries such as financial services, technology, and healthcare to secure customer data and streamline the trust management process with advanced cybersecurity tools.
• Drive the development, maturity, and execution of UpGuard’s InfoSec Governance, Risk, and Compliance function, with primary ownership over technology and cybersecurity risk.
• Partner closely with procurement, legal, and business stakeholders to embed security reviews into the purchasing lifecycle. Lead Third-Party Risk Management (TPRM) evaluations for new and existing vendors.
• Review security exhibits, Data Processing Agreements, and security questionnaires during procurement negotiations to safeguard UpGuard and its customers.
• Partner with the CISO to contribute expert analysis on broader enterprise and operational risk matters, ensuring a unified approach to risk management.
• Architect and run the technology and security components of the Risk Management process. You will maintain, continually improve, and deliver executive-ready reporting on trends, vulnerabilities, and strategic insights.
• Formally own the technology and security control components of UpGuard’s annual SOC 2 Type II audit cycle. Design, manage, and coordinate remediations and improvements stemming from prior cycles, incident post-mortems, and internal assessments.
• Work cross-functionally with the Product team to develop public-facing trust documentation, while identifying security control gaps and improvement opportunities within the Product Development Life Cycle (PDLC).
• Draft, implement, and maintain a robust framework of InfoSec policies, standards, processes, and guidelines tailored to an evolving threat landscape.
• Design and implement comprehensive, company-wide security awareness and compliance training programs utilizing the MindTickle platform.

• 4+ years of dedicated experience in Information Security, IT Audit, or GRC within a technical, cloud-based landscape.
• Deep familiarity and hands-on experience with modern technology risk management frameworks, GRC platforms, and Third-Party Risk Management (TPRM) tools.
• Experience partnering with procurement, legal, and privacy teams across diverse geographic areas (e.g., GDPR/CCPA, anti-corruption) to review vendor contracts, technical agreements, and security exhibits.
• A clear, collaborative communicator capable of translating complex technical risks into clear business impacts for stakeholders, customers, and vendors.
• The ability to work independently, take swift initiative, and manage the fine details while never losing sight of long-term strategic goals.
• A skillful issue-spotter and adaptive learner who can confidently navigate ambiguity and evaluate legal/business risk trade-offs.
• High ethical standards, meticulous attention to detail, a team-first attitude, and a dual passion for teaching and learning.

• Monthly Lifestyle subsidy: Use this for financial, physical, and mental well-being
• WFH set-up allowance: To ensure you have the right environment to work in, we will help you get set up within your first 3 months at UpGuard
• $1500 USD annual Learning & Development allowance: To support your career development, all team members will be able to expense development opportunities against this allowance
• Annual leave: PTO plus two additional UpGuardian leave days to give you time to recharge your batteries.
• 18 weeks paid Parental Leave: Irrespective of parenting role
• Personal Leave Allowance: This includes sick & carer’s leave
• Fully remote working environment: While we have physical offices in Sydney & Hobart, we do not mandate compulsory attendance
• Top-spec hardware: All team members will be provided with top-spec laptops for their role
• Generative AI subsidy: UpGuard provides paid subscriptions for all team members to access generative AI tools to support their work