Technical Program Manager, Governance, Risk & Compliance

Sorry, this job was removed at 02:35 p.m. (EST) on Friday, Sep 06, 2024
Remote
190K-220K Annually
3-5 Years Experience
Big Data • Cloud • Information Technology • Software • Travel
Spotnana makes corporate travel simpler and more affordable.
The Role

Spotnana is modernizing the infrastructure for the multi-trillion-dollar travel industry. Our groundbreaking travel platform powers next-generation travel experiences for Fortune 100 companies and the world’s leading airlines, hotel chains, technology providers, and financial services firms. 

We are tackling the hardest problems the travel industry has to offer, and we need your help. Join us in our quest to make travel effortless so it’s easier for everyone to build deeper connections, stronger teams, and unforgettable memories.

It evolves as a business grows, along with the people who drive it forward. We seek people who have different perspectives, but shared values. Before you embark on this journey, quickly check in on whether you are aligned with our company values:

Spotnana is seeking a Technical Program Manager to join our global Security & Trust team and lead our GRC efforts. The Security & Trust team is responsible for ensuring the security of our SaaS platform and overall enterprise. Reporting to the Director of Security Engineering, our ideal candidate will be a technical leader who can own all GRC processes. This leader will have the opportunity to build on and scale our existing GRC program, partnering with internal and external stakeholders to understand business requirements and setting the strategy, direction, and execution approach to meet these requirements.


  • Lead Spotnana’s GRC program, including development of the GRC strategy and hands-on design and configuration of relevant systems, programs, and tools
  • Define the scope, objectives, and key performance indicators (KPIs) for the GRC program and track and measure performance against these KPIs to report progress to stakeholders
  • Collaborate with Product, Engineering, Operations, Legal, and others to ensure security of our products, services, and corporate environment
  • Prepare and deliver penetration testing assessments for the enterprise
  • Maintain enterprise compliance to major regulations and standards (PCI, SOC2, ISO 27001) through assessment and management of remediation of controls
  • Implement processes to continuously monitor information security controls, risks, testing, and exceptions
  • Work with external customers to complete security questionnaires and assessments, collect and share relevant proof of compliance and security certifications, and answer GRC and security questions regarding the product in the course of customer sales cycles and deployments
  • Collaborate with senior executives, department heads, and external partners to communicate GRC strategies and drive program success
  • Design and implement governance frameworks to ensure effective oversight of risk management and compliance activities
  • Create, review, and maintain GRC policies, procedures, and standards to ensure Spotnana can meet legal, regulatory, and internal requirements
  • Create and oversee risk management plans and strategy to mitigate identified risks
  • Conduct internal audits to assess compliance with policies, regulations, and standards and address audit findings
  • Develop training programs to educate employees on GRC topics and make sure they understand GRC requirements
  • Lead the response to compliance or risk incidents including investigation, documentation, and resolution
  • Prepare documentation and clearly communicate with external auditors and regulatory bodies to successfully complete required audits


  • Significant technical depth and experience managing a global GRC program for a SaaS provider
  • Proven experience with control frameworks such as ISO 2700x, PCI DSS, SOC2, HITRUST, HIPAA, NIST, and privacy law
  • Demonstrated ability to develop and manage security policies, standards, guidelines and procedures
  • Demonstrated experience driving information security audits and risk-based decisions supporting business owner expectations and needs
  • In-depth knowledge of GRC component parts and the interrelationships between risks, controls, issues, actions, and incidents
  • Experience managing multiple complex and large-scale projects, delivering to established timeframes
  • Hands-on experience driving security awareness programs and content


Spotnana strives to offer fair, industry-competitive and equitable compensation. Our approach holistically assesses total compensation, including cash, company equity and comprehensive benefits. Our market-based compensation approach uses data from trusted third party compensation sources to set salary ranges that are thoughtful and consistent with the role, industry, company size, and internal equity of our team. Each employee is paid within the minimum and maximum of their position’s compensation range based on their skills, experience, qualifications, and other job-related specifications. 

The annual cash compensation for this role is:

We care for the people who make everything possible - our benefits offerings include:

  • Equity in the form of stock options which provides partial ownership in the company so you can share in the success of the company as it grows
  • Pre-tax and ROTH 401(k) options via Fidelity with up to a 4% company match
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability, effective on your hire date. We cover 100% of your employee premiums and 85% of your eligible dependents' premiums
  • Pre-tax flexible spending account options for health, dependent care and commuter expenses
  • 20 vacation days per year in addition to 10 company holidays, 4 company recharge/wellness days, and an end-of-year company shutdown
  • Up to 26 weeks of Parental Leave
  • Monthly cell phone / internet stipend
  • Additional benefits including access to RocketLawyer’s online legal platform, International Airlines Travel Agent Network (IATAN) membership, Pet Insurance through Fetch, Financial Wellness through Origin and SoFi, EAP through Mutual of Omaha, The Calm app through Kaiser, pre-tax parking/transit program and more

We are committed to fostering a diverse, inclusive environment and to encouraging these values in everyone on our team. We provide an environment of mutual respect where opportunities are available without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. We believe that diversity and inclusion for people from all walks of life is key to our success as a company.

The Company
New York, NY
356 Employees
Hybrid Workplace
Year Founded: 2020

What We Do

Spotnana is the travel platform that connects humanity. We are modernizing the infrastructure of the travel industry in order to bring freedom, simplicity, and trust to travelers everywhere. Our Travel-as-a-Service platform makes travel simpler and more affordable for corporations and leisure travelers, while enabling our ecosystem of agency, supplier, and technology provider partners to increase operational efficiency, unlock new revenue sources, and accelerate innovation.

Why Work With Us

We're modernizing a trillion dollar industry responsible for transporting billions of people every year. We believe people form stronger bonds of trust, empathy, and understanding when they gather together in person.

Spotnana Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Spotnana strives to facilitate a highly collaborative workplace, both virtually and in-person. We have adopted a hybrid workplace model. As not all teams/roles align to a hybrid model, we support alternate working arrangements for eligible positions.

Typical time on-site: Flexible
New York, NY
