Purpose of the Job

As members of 6sense’s Security department, the Governance, Risk and Compliance (GRC) team aligns Security with business objectives while managing risks and meeting industry standards, regulations and contractual obligations. GRC enforces governance, implements risk management strategies, and ensures compliance through operating as the second line of defense.

Responsibilities & Accountabilities

• Execute on milestones for end-to-end GRC initiatives in accordance with the Security roadmap
• Oversee and execute complex control tests, third-party and operational security risk assessments and communicate results across multiple audiences with varying levels of sensitivity
• Develop issue and risk treatment plans with owners and test remediation for closure
• Design high-quality test plans and improve security control test activities through peer reviews that provide feedback and guidance to other GRC Engineers
• Mature security governance, training and awareness programs
• Improve GRC handbook pages, procedures and playbooks and maintain security program controlleddocuments
• Design GRC control automation and implement security GRC related automation tasks
• Flexible working hours that overlap with US Pacific time zone Monday - Thursday

Performance Measurement

• Maintains working knowledge of 6sense’s product, environment, systems and architecture
• Actively prepares for weekly 1:1s with Manager
• Drives remediation of security risks and threats

Educational and Experience Requirements

• 5+ years of experience being part of a Security GRC or similar team
• 5+ years of experience with formal control test documentation (design and operating effectiveness)
• Experience with security tools and cloud environments (e.g., GRC, Vulnerability Scanners, SIEM, SOAR, AWS)
• Experience with industry frameworks, regulations and standards, such as: ISO 27001, SOC 2, GDPR, PCI, SOX, NIST, etc.

Preferred Qualifications

• Big 4 (KPMG, Deloitte, PwC, EY) or similar experience
• Bachelor's degree in a related field
• Relevant industry certifications, such as CISSP, CISM, or GIAC, are highly desirable
• AuditBoard experience
• Adheres to strict deadlines and SLAs
• Participates in creation of milestones associated with major security projects
• Executes on milestones associated with major security projects
• Develops and maintains up to date handbook pages, runbooks, workflows and dashboards
• Provides project status update on weekly basis

Competencies and Behaviors

• Evangelizes security best practices
• Works independently to maintain and improve overall company security posture
• Collaborates with cross-functional teams
• Translates technical requirement into actionable and timebound requests
• Drives projects and tasks to completion by following up on questions, deadlines, and requests for input
• Maintains accuracy of information
• Proactive prioritization and escalation to management
• Strong communication skills, including verbal, written, and presentation skills