Program Manager, GRC - SOX at Outreach | Seattle
Sorry, this job was removed at 11:06 a.m. (PST) on Tuesday, September 14, 2021
Do you have a passion for SaaS and cloud security? Are you passionate about solving important security, privacy and compliance problems for a rapidly growing cloud company? We at Outreach.io need a well-organized governance, risk, and compliance security professional to help operate and mature these foundational programs. We are looking for a capable security professional to manage the successful completion of our audits, assess our security risks and improve the efficiency of our security controls. This role blends project management skills with traditional compliance expertise and a solid information security background in order to successfully plan for and drive forward these programs.

You will be responsible for helping maintain existing and achieve new accreditations such as ISO 27001, SOX, HIPAA, and SOC 2. Our company is growing fast and this role will grow with it. You will collaborate with others across the company to identify and remediate risks, pass our audits, and improve the overall security posture across the company. You will be working with senior management, technical leaders and engineers, our external auditors and our customers as well.

  • Helping drive the Outreach Information Security Management System (ISMS), governance, risk and compliance activities.
  • Contributing to our GRC strategy to keep pace with Outreach’s rapid growth while reducing audit impact on operational and engineering teams.
  • Developing and evolving information security policy and helping educate teams on their responsibilities and obligations.
  • Translating key internal, industry and regulatory obligations including the ISO 27001 and SOC 2 into appropriate administrative and technical controls available to control owners.
  • Working with control owners to ensure effective and efficient control monitoring, as well as appropriate visibility of control activity.
  • Reviewing the operating effectiveness of current controls and developing a program of continual optimization based on feedback from both the ISMS and operational teams.
  • Extending the control framework to leverage commonalities between multiple assessments and improve the overall efficiency of the Outreach audit program.
  • Leading internal teams through the preparation for and successful completion of a variety of key industry and regulatory audits from audit readiness through final assessment including remediation activities.
  • Coordinating key internal, industry and regulatory audits including ISO 27001, SOC 2, TRUSTe, and others.
  • Ensuring all in-scope functions and teams are prepared for audits.
  • Managing auditor relationships.
  • Incorporating audit findings and recommendations into Information Security Management System (ISMS) and Control Framework programs.
  • Training and communicating responsibilities to control performers including the mapping, review and feedback of controls to specific audit requirements.
  • Reviewing audit evidence and any findings to assess and improve control effectiveness.
  • Working with Outreach management teams and engineers to identify and capture security risks, and collaborating with risk owners to identify effective mitigations and put remediations into place.
  • Organizing and presenting security risks to appropriate teams and managing risk treatment plans from creation through implementation.
  • Ensuring cross company support of all aspects of security by establishing partnerships with other Outreach teams with the overarching goal of improving trust of Outreach and its products.

Basic Qualifications

  • 4+ years of building and managing compliance programs including risk management, policy definition, and control design.
  • Bachelor’s degree.
  • Hands-on experience managing external auditors and on-site audits including proven experience passing ISO 27001, SOX, HIPAA or SOC 2 Type II audits.
  • Experience in establishing and maintaining compliance in AWS and cloud environments.
  • Technical familiarity with network, database and application security.
  • Thorough understanding of the latest regulatory requirements and associated security principles.
  • Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols.
  • Problem solving skills and ability to work under pressure.

Preferred Qualifications

  • A minimum of 4 years of experience in the technical interpretation and practical application of an information security program specifically in governance, risk, and compliance.
  • Extensive information security auditing and compliance experience.
  • Experience authoring and management of information security policies and standards.
  • Experience managing a security risk program including the collection and identification of security risks and associated risk treatment plans.
  • Strong project management experience.
  • Direct experience interpreting industry and regulatory security requirements and authoring supporting controls.
  • Direct experience with regulatory frameworks - including ISO 27001, SOX IT General Controls, HIPAA, or SOC2.
  • Have a history of successful cross-organizational efforts.
  • Ability to analyze problems and make appropriate decisions quickly.
  • Ability to drive large, complex programs and solutions.
  • Experience managing multiple external vendors across broad and complex work engagements.
  • Experience driving the development of GRC program strategies, performance metrics, and articulating the business value and costs.
  • Excellent interpersonal and management skills.
  • Strong written and verbal communication skills.
  • Ability to work flexibly and independently to achieve results within the dynamic Outreach culture.
  • Ability to maintain extreme confidentiality.

Why You’ll Love It Here

• Generous medical, dental, and vision coverage for full-time employees and their dependents
• Flexible time off
• 401k to help you save for the future
• Company-organized and personal paid volunteer days to support the community that supports us
• Fun company and team outings (or virtual events these days!) because we play just as hard as we work
• Diversity and inclusion programs that promote employee resource groups like OWN (Outreach Women's Network), AAPI, Rainbow (LGBTQIA+), Gender+, LatinX, Black Excellence, Disability Community, and Veterans
• A parental leave program that includes not just extended time off but options for a paid night nurse, food delivery, gradual return to work, and the Gottman Institute's Bringing Home Baby course for new parents
• Employee referral bonuses to encourage the addition of great new people to the team
• Plus, unlimited snacks and beverages in our kitchen (once we're back in the office, that is!)
• We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status


Technology we use

  • Engineering
    • Golang (Languages)
    • Javascript (Languages)
    • Python (Languages)
    • Ruby (Languages)
    • Elixir (Languages)
    • React (Libraries)
    • Redux (Libraries)
    • Hadoop (Frameworks)
    • Node.js (Frameworks)
    • Ruby on Rails (Frameworks)
    • Spark (Frameworks)
    • MySQL (Databases)
    • Redis (Databases)

Location

Our Lower Queen Anne office is located along the beautiful Elliott Bay waterfront north of Belltown, near Myrtle Edwards Park.

What are Outreach Perks + Benefits

Outreach Benefits Overview

At Outreach, we believe in taking care of our employees as whole people, and our benefits and perks reflect that value. We offer benefits and perks such as flexible time off, a 401k to help save for the future, employee resource groups, and Diversity, Equity, and Inclusion trainings. Our wellness benefits include a generous medical, dental, and vision package for full-time employees and their dependents, access to our EAP (Employee Assistance Program), mental health supports, and FSA and DCFSA options. For new parents, we offer a parental leave program that includes not just extended time off but options for a paid night nurse, food delivery, gradual return to work, and the Gottman Institute's Bringing Home Baby course.

Culture
Volunteer in local community
Outreach organizes quarterly events for employees to volunteer together in the community. We also offer paid time off for volunteer days.
Friends outside of work
Eat lunch together
Intracompany committees
Daily sync
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Pair programming
Open office floor plan
Diversity
Highly diverse management team
Outreach's leadership team is highly diverse, reflects our commitment to diversity and inclusion, and is focused on continuous improvement of our DEI initiatives.
Unconscious bias training
We offer DEI trainings to help facilitate understanding of issues surrounding equity and inclusion, including unconscious bias.
Diversity manifesto
Mean gender pay gap below 10%
Diversity Employee Resource Groups
Employee Resource Groups such as Outreach Womxn's Network (OWN) and others that exist to support employees from underrepresented populations are supported from the top down at Outreach.
Hiring Practices that Promote Diversity
Outreach provides training to encourage diverse hiring and the Recruiting Team is constantly searching for innovative ways to reach a diverse population of candidates.
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
All employees receive a basic life insurance plan at the $100,000 level. Employees can elect voluntary life insurance if they would like additional coverage beyond the $100,000 level.
Wellness Programs
Outreach's EAP (Employee Assistance Program) offers free, confidential counseling, 24-hour crisis telephone counseling, addiction support, etc.
Mental Health Benefits
Retirement & Stock Options Benefits
401(K)
Company Equity
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Outreach provides flexible start and end times, as well as flexible Friday schedules.
Family Medical Leave
Return-to-work program post parental leave
Vacation & Time Off Benefits
Unlimited Vacation Policy
Generous PTO
Outreach offers unlimited PTO.
Paid Volunteer Time
Paid Holidays
Paid Sick Days
Outreach offers unlimited PTO.
Perks & Discounts
Beer on Tap
Casual Dress
Commuter Benefits
Company Outings
Stocked Kitchen
Some Meals Provided
Happy Hours
Parking
Pet Friendly
Relocation Assistance
Professional Development Benefits
Job Training & Conferences
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within