What you will be doing:
- Conduct enterprise-wide risk analysis in collaboration with compliance and security teams, identifying strengths and weaknesses in security programs.
- Maintain oversight of GRC-related platform usage and administration, ensuring adherence to privacy, security, and compliance frameworks.
- Monitor third parties, vendors, and business partners to mitigate external risks, escalating issues to security management and business leads.
- Analyze findings and recommend security improvement initiatives that balance risk with operational efficiency and innovation, reporting gaps to security leadership.
- Stay informed about security changes affecting regulatory compliance and industry best practices, applying GRC expertise to key business areas.
- Define and track qualitative and quantitative metrics for assessing security program effectiveness, providing regular reports to security and business leaders.
- Ensure up-to-date configuration documentation and oversight of security systems and processes to minimize enterprise risk, participating in incident response activities as needed.
- Collaborate with security, audit, and risk management leaders to conduct ongoing program assessments and develop strategic technology and budget plans, serving as a liaison with auditors and overseeing disaster recovery and business continuity efforts.
What you should have:
- Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
- At least 5+ years’ experience in cybersecurity as a practitioner and 2 to 3+ years' exposure to various security frameworks.
- Strong business acumen and security technology skills for well-rounded proficiency and proven ability to align with security practices and compliance responsibilities.
- Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, GDPR, and GLBA. Additional experience in one or more of the following: ISO 27001/2, ITIL, or NIST.
- Exceptional written and verbal communication skills and a proven ability to translate security and risk to all levels of the business.
- The capacity to understand legacy and progressive technology, security controls, and respective risks. Working knowledge of technologies such as cloud computing, DevOps, and application security is required.
- Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management, and hardening guidelines.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Holds, or is working toward, one or more of the following: CISSP, CRISC, CGEIT, or GRCP.
What we hope you have:
- Prior team leadership experience preferred.
- Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
- Prior experience with leading GRC systems from vendors such as Vanta, RSA, MetricStream, and IBM.
- Demonstrated problem-solving capabilities and ability to manage complex local and international security requirements.
- Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.
- Successful track record of managing external entities’ contracts and relationships and mitigating risks to business development opportunities.
- Familiarity with state, federal, and international privacy laws.
- Highly trustworthy; leads by example.
Benefits:
- Open and transparent culture
- Life insurance, long and short-term disability coverage
- Paid maternity and paternity leave
- Fertility Benefits
- Generous vacation time, plus three 4-day summer holiday weekends
- Excellent medical, dental, and vision benefits
- 401k Plan with competitive company matching
- Bi-annual swag drops with cool Podium gear and apparel
- A stellar HQ (Utah) gym with local professional coaches and classes offered
- Onsite HQ (Utah) child care center, subsidized for employees
- Additional benefits for fully remote employees
Podium is an equal opportunity employer. Podium provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status or veteran status.