GRC Manager

2 weeks ago


Newport Beach, United States · Obsidian Security · Full time

Job Description

About Us:

Obsidian Security was founded in 2017 to solve the unaddressed blindspot of SaaS Security. SaaS applications provide the tools employees need to succeed and hold the business' most critical information. If those tools become unavailable or that data is jeopardized, there is a detrimental impact on the organization.

Obsidian proudly offers the industry's most comprehensive and powerful SaaS defense solution. We are committed to solving the challenge of SaaS Security for our customers as efficiently and effectively as possible.

We're a passionate team optimizing for impact by solving some of the biggest challenges in cybersecurity today. We listen closely to our customers, iterate quickly, and (over) deliver to delight them. Working at Obsidian means contributing to an industry-leading cybersecurity product in an environment where customer satisfaction, privacy, and data ethics are paramount.

Job description

Obsidian is the leader in comprehensive SaaS security. Come join an exciting and hyper-growth company with great leadership, incredible employee benefits, and a culture of empowerment and exploration. We're a passionate team going for a huge impact by solving some of the biggest challenges in cybersecurity today. We listen closely to our customers, iterate quickly, and (over) deliver to delight them. We care about giving people an opportunity to do meaningful, rewarding work.

The GRC Manager reports to the CISO and is responsible for managing, administering, optimizing, and maturing Obsidian's Governance, Risk, and Compliance Program. The GRC Manager works closely with Information Security, Information Technology, Engineering, DevOps, HR, Finance, Data Science, and Privacy to support company Governance, Risk Management, and Compliance requirements. In addition, the GRC Manager facilitates and tracks company compliance obligations, coordinates internal and external audits, and manages the company risk register, master controls register, compliance automation platform, and dashboards.

Candidates applying for this sensitive and high-impact role should be experienced GRC professionals and highly organized, self-motivated, resilient team players with experience in security and privacy compliance frameworks such as SOC 2, ISO 27001, ISO 27701, GDPR, etc., implementing security and privacy compliance controls, policies, and procedures, and working with diverse stakeholder groups to navigate internal and external compliance activities and audits in an organization with a cybersecurity mission and modern tech stack. This is a multi-faceted role within a fast-moving startup and will require the successful candidate to possess an ownership mentality, sound judgment, personal responsibility, discipline, and initiative.

In this role, you will manage and administer the company's overall Governance, Risk Management, and Compliance mission and help drive alignment, maturity, capacity, and optimization where needed. This is a strategic and high-impact role.

Your Responsibilities Will Include

  • Ensuring Obsidian maintains compliance with its GRC requirements and commitments
    • Manage, monitor, and track Obsidian GRC requirements for both internal and external obligations
    • Maintain the Obsidian master controls register and ensure that compliance framework controls are mapped, accurate, and up-to-date
    • Manage and maintain the Obsidian master risk register and ensure that inputs from throughout the organization are appropriately documented, assessed, and managed to resolution
  • Leading and coordinating Obsidian compliance activities
    • Organize and facilitate internal and external compliance activities such as
      • Table-top exercises
      • Internal and external audits
      • Risk assessments
      • Monitoring of required compliance training
    • Ability to work with teams throughout the organization to collect and catalog required evidence for internal and external audits
    • Ability to work with vendors and other third parties to support GRC activities
  • Providing governance support and oversight to help the organization manage risk
    • Designing, optimizing, and implementing governance controls, policies, and procedures to meet requirements while enabling the organization to achieve tactical and strategic goals efficiently
    • Monitoring, development, and administration of Obsidian GRC tooling, reporting, documentation, and dashboards
    • Ability to consistently drive adherence to and improvement in organizational compliance requirements, controls, and policies

What We're Looking For

  • A person who is excited about working at a cybersecurity startup company
  • A proven track record of successfully leading GRC programs and teams
  • Excellent understanding of and experience in multiple compliance frameworks such as SOC 2, ISO 27001, ISO 27701, SSPA, FedRAMP, GDPR, HIPAA, etc.
  • Passionate about security, privacy, and compliance while doing everything possible to support the overall mission
  • Experience administering and configuring GRC or similar security and risk management tooling and automation
  • Experience coordinating company-wide projects with cross-functional teams
  • Experience conducting or participating in compliance audits and risk assessments
  • Experience with modern IT systems such as Google Workspace, Microsoft 365, Slack
  • Experience creating documentation, analytic dashboards, and reporting
  • Experience designing, implementing, and optimizing security, privacy, or risk management controls

What We Can Do For You

  • Be part of a team-first, low-ego, mission-focused culture
  • Provide opportunities for professional development
  • Provide opportunities to make high-impact contributions to security, privacy, and compliance
  • Influence Obsidian product development
  • Annual conference attendance budget
  • Competitive salary, equity, and health benefits
  • Opportunity to publish thought leadership content and develop your public brand
  • Reserve your seat on our rocket ship: we are funded by Greylock Partners, Google Ventures, Menlo Ventures, WingVC, and Norwest Venture Partners, and we are growing fast

Employee Benefits:

Our competitive benefits packages are designed to support our employees' well-being, both at work and at home.

  • Competitive compensation with equity and 401k
  • Comprehensive healthcare with dental and vision coverage
  • Flexible paid time off and paid holiday time off
  • 12 weeks of new parent or family leave
  • Personal and professional development resources
  • Compensation range $150k-175k

Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location, as well as the knowledge, skills and experience of the candidate. In addition to a competitive base salary, this position is also eligible for equity awards [and incentive compensation] based on factors such as experience, skills, and location.

At Obsidian, we are proud to be an equal-opportunity employer. We value diversity and hire for talent, passion, and compassion. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization.
