About the Job
Braintrace, one of Utah’s fastest-growing technology companies, continues to expand! We are currently interviewing for a Director of Information Security, Risk and Compliance to join our incredibly talented technology team.
This director-level position will report to the Chief Information Security Officer and will be responsible for ensuring the internal Braintrace services are compliant with applicable compliance frameworks, while also assisting clients with their Compliance, Risk and Auditing requirements.
Duties and Responsibilities
- Consult with client leadership to build compliance and risk management best practices for the organization
- Partner with key teams to obtain and review evidence of compliance to support technical SOX, PCI, ISO, COSO and other compliance or audit requirements
- Support the completion of GDPR, SOX, PCI DSS, ISO and NYDFS readiness reviews or attestations for clients
- Manage and communicate key compliance or risk milestones for critical systems and complex processes to stakeholders
- Facilitate interaction between the business, internal and external auditors as needed
- Implement established audit, compliance and risk criteria
- Demonstrate strong knowledge in IT controls, risk assessments, and the design and testing of security measures
- Be a thought-leader in Information Security and align initiatives with business objectives of the company
- Conduct analysis and trending (reports, dashboards, status, etc.) on internal or external progress or events affecting information security
- Work closely with cross-functional teams and develop strong liaison relationships
- Support audit processes, as required
- Participate in special projects/research and prepare management reports
- Use GRC tools and create ISMS
- Ensure all IT policies and procedures are documented and updated according to regulatory standards
- Interface with internal and external requestors as an escalation point and review IT artifacts for completeness and satisfaction for the delivery of quality services regarding important issues/priorities, and deadline-sensitive information
- Engage with technical process owners to understand technical process steps, identify risk, and drive toward completed documentation that aligns with the IT Governance and Risk Management programs
- Function as the GRC repository system and SharePoint SME and train/support clients with repository system usage, including one-on-one training and drafting training guidelines when necessary
- Define and deliver appropriate IT GRC metrics, analytics, and scorecards for internal and client use
- Develop and maintain risk register and design self-assessments to help identify risks
- Serve as an escalation point to track and follow-up on risk events
- Self-driven. You have amazing organizational skills, integrity, and great follow-through on tasks.
- Dynamic. You are innovative, creative, and constantly looking for ways to deliver superior solutions.
- A Team Player. You like the fact that our people genuinely care about each other, their projects and Braintrace. You go out of your way to educate and support the team efforts. There are brilliant people with great ideas throughout the company and you are one of them.
- Bachelor’s degree
- 5-10 years IT background; experience with information security, risk, compliance and regulatory issues preferred
- 3+ years prior experience supporting a management internal IT control environment
- 5-8 years IT audit, Information Security or Risk experience
- Intermediate knowledge/audit experience of the following: Active Directory, UNIX, Windows, VMware, SQL, and other enterprise technologies
- Intermediate knowledge of the following technical areas: network security, operating system security, database security, secure system development, identity and access management, physical access controls, backup and critical job execution/monitoring, and information-security policy
- Experience with project management (planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives)
- Ability to identify problems, analyze data and present conclusions effectively
- Extremely strong verbal, written and presentation skills
- Industry Certifications (CISSP/CISA/CISM/CRISC) preferred
Compensation, Perks & Benefits
We know that talented people are attracted to companies with long-term success, an amazing culture, competitive pay, comprehensive benefits and outstanding career-advancement opportunities. If hired, you can expect:
- Highly competitive salary
- Medical/Dental/Vision benefits
- Tuition reimbursement, 401K, paid time-off
- Paid training, including off-site conferences, certification renewals and tests
- To work in a state-of-the-art Security Operations Center (SOC)
Braintrace does not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Braintrace does business. All new hires must pass a pre-employment drug test and criminal background check.