Principal Program Manager, Governance Risk and Compliance

Sorry, this job was removed at 11:01 a.m. (PST) on Monday, June 17, 2019

The Role

Do you have a passion for SaaS and cloud security? Are you passionate about solving important security, privacy and compliance problems for a rapidly growing cloud company? We at Outreach.io need a well-organized governance, risk, and compliance security professional to help mature, own and manage these foundational programs. We are looking for a capable security professional to manage the successful completion of our audits, assess our security risks and improve the efficiency of our security controls. This role blends project management skills with traditional compliance expertise and a solid information security background in order to successfully plan for and drive forward these programs.

You will be responsible for operating our GRC program and maintaining our existing ISO 27001 and SOC 2 security accreditations. Our company is growing fast and this role will grow with it. You will collaborate with others across the company to identify and remediate risks, pass our audits, and improve the overall security posture across the company. You will be working with senior management, technical leaders and engineers, our external auditors and our customers as well.

Your Daily Adventures Will Include

  • Leading the Outreach Information Security Management System (ISMS) governance, risk and compliance activities
  • Evolving and expanding our GRC strategy to keep pace with Outreach’s rapid growth while reducing audit impact on operational and engineering teams
  • Developing and evolving information security policy and helping educate teams about their responsibilities and obligations
  • Translating key internal, industry and regulatory obligations, including ISO 27001 and SOC 2, into appropriate administrative and technical controls available to control owners
  • Working with control owners to ensure effective and efficient control monitoring, as well as appropriate visibility of control activity
  • Reviewing the operating effectiveness of current controls and developing a program of continual optimization based on feedback from both the ISMS and operational teams
  • Extending the control framework to leverage commonalities between multiple assessments and improve the overall efficiency of the Outreach audit program
  • Leading internal teams through the preparation for and successful completion of a variety of key industry and regulatory audits from audit readiness through final assessment including remediation activities
  • Coordinating key internal, industry and regulatory audits including ISO 27001, SOC 2, TRUSTe, and others
  • Ensuring all in-scope functions and teams are prepared for audits
  • Managing auditor relationships
  • Incorporating audit findings and recommendations into Information Security Management System (ISMS) and Control Framework programs
  • Training and communicating responsibilities to control performers including the mapping, review and feedback of controls to specific audit requirements
  • Reviewing audit evidence and any findings to assess and improve control effectiveness
  • Working with Outreach management teams and engineers to identify and capture security risks and collaborate with risk owners to identify and put effective mitigations and remediations into place
  • Organizing and presenting security risks to appropriate teams and managing risk treatment plans from creation through implementation
  • Ensuring cross company support of all aspects of security by establishing partnerships with other Outreach teams with the overarching goal of improving trust of Outreach and its products

Basic Qualifications

  • A minimum of 5 years of experience in the technical interpretation and practical application of an information security program specifically in governance, risk, and compliance
  • Extensive information security auditing and compliance experience
  • Thorough understanding of the latest regulatory requirements and associated security principles
  • Experience authoring and managing information security policies and standards
  • Experience managing a security risk program including the collection and identification of security risks and associated risk treatment plans
  • Strong project management experience
  • Direct experience interpreting industry and regulatory security requirements and authoring supporting controls
  • Direct experience with security compliance regulatory frameworks, including ISO 27001, SOC 2 and relevant security requirements
  • Strong process and procedure ownership experience for system audits
  • Experience in establishing and maintaining compliance in AWS environments
  • Ability to analyze problems and make appropriate decisions quickly
  • A history of successful cross-organizational efforts
  • Ability to drive complex programs and solutions using both direct and virtual teams
  • Experience managing multiple external vendors across broad and complex work engagements
  • Experience driving the development of GRC program strategies, performance metrics, and articulating the business value and costs
  • Ability to work flexibly and independently to achieve results within the dynamic Outreach culture
  • Excellent interpersonal and management skills
  • Strong written and verbal communication skills
  • Problem-solving skills and ability to work under pressure

Why You’ll Love It Here

• 100% medical, dental, and vision coverage for full-time employees

• Unlimited PTO (and people actually use it!)

• 401k to help you save for the future

• Company-organized and personal paid volunteer days to support the community that supports us

• Fun company and team outings because we play just as hard as we work

• Diversity and inclusion programs that promote employee resource groups like OWN (Outreach Women's Network)

• A parental leave program that includes not just extended time off but options for a paid night nurse, food delivery, gradual return to work, and the Gottman Institute's Bringing Home Baby course for new parents

• Employee referral bonuses to encourage the addition of great new people to the team

• Plus, unlimited snacks and beverages in our kitchen


Location

Our Lower Queen Anne office is located along the beautiful Elliott Bay waterfront north of Belltown, near Myrtle Edwards Park.
