Red Ventures has an immediate opening for a business first strategic thinking leader to join our Governance, Risk, and Compliance program.
Red Ventures is on a mission to earn customer trust daily and enable unlimited innovation by relentlessly protecting against data and resiliency threats within our corporate, data center and cloud environments, and this role is critical to envisioning and building the future of risk and compliance in a data-driven business and world.
The Director of Governance, Risk & Compliance (GRC) is expected to have broad practical implementation knowledge of various security, privacy, business continuity and compliance frameworks, and can see themselves leading the charge with our business on the value creation opportunity of a strong GRC program; but, not with a compliance stick. Our group values strong cross-team communication & collaboration, the ability to network and integrate across the Red Ventures eco-system to inject value into the company at large, and create meaningful lasting relationships with our business partners, stakeholders, and executive leaders. As our Director or GRC, you will have broad latitude to work independently, as well as, frequent opportunities to coordinate and interact with a broad group of bright and energetic people throughout the company.
- Establish and maintain the IT Security Program at Red Ventures
- Define current and future GRC capabilities necessary to have strong data protection oversight and mechanisms to showcase those capabilities, enable sales and future-proof the business (ex: ISO27001, SOC1/SOC2/SSAE16, GDPR, etc.)
- Envision “what can be”, define a roadmap to get there, and operationalize the vision execution
- Prepare impact/risk analysis for management assessment of implementation impacts of security control, initiative and policy recommendations to business requirements
- Become the lead person to track Red Ventures’ compliance with various partner contracts and requirements.
- Understand the business, design and execute audit programs, execute testing, analyze findings, report writing and presentation to the business, as well as participating in corrective action planning, and tracking issues through remediation with business and technology owners
- Document and assess the design and operating effectiveness of controls and processes to meet established business objectives and security concerns in the IT and network groups across the business
- Facilitate meetings with business and technology stakeholders to discuss and understand processes and conduct risk assessments to identify and understand the business and related IT Risks, internal controls which mitigate these risks, and related opportunities for internal control improvement
- Have Fun
Desired Qualifications, Skills and Experience:
- 8+ years of current or former hands-on IT experience in IT security, operations, development or similar disciplines as a foundational basis
- 4+ years working with and strong familiarity with one or more IT Standards such as SSAE SOC2, ISO 27001, PCI, HIPAA/HITECH, NIST, CSA/CCM and similar.
- Ability to understand information security and network risks, with strong technical background and knowledge of Information Technology and security, including Linux, Windows and networking.
- Working experience (or strong knowledge) of Cloud environments and DevOps security compliance.
- Have proven and excellent verbal and written communication skills. E.g., you can talk to normal people about IT in a way they can understand. You also need to be concise and clear when creating documents and responding to requirements.
- Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely and meaningful manner.
- Ability to understand information security and network risks, with strong technical background and knowledge of Information Technology and security, including Linux, Windows and networking environments
- Experience working in an international environment
- Experience in Internal or External Audit in the IT Risk and Compliance space
About Red Ventures:
Red Ventures is a leading digital consumer choice platform based in Charlotte, North Carolina. Through deeply integrated brand partnerships and consumer-facing assets, Red Ventures connects online customers with products and services across high-growth industries including home services, financial services, and healthcare. Founded in 2000, Red Ventures has more than 2,700 employees in offices across the Carolinas, Seattle, Washington, and Sao Paulo, Brazil.