Overview

The GRC team is seeking forward-thinking, creative, technical, and talented IT compliance and security risk professionals with a strong background in regulatory controls requirements, process improvement, controls implementation, and security risk analysis.

RESPONSIBILITIES:

  • Evaluate, develop, manage and maintain ITGC policies, procedures, and controls for Squarespace systems (internally developed and vendor provided).
  • Actively work with stakeholders across the business (Finance, Accounting, Internal Controls, Engineering, etc.) to identify, document, and track remediation of ITGC and security control gaps.
  • Conduct periodic self-assessments of Squarespace’s adherence to internal policies, compliance reporting objectives and industry best practices.
  • Work closely with the Squarespace Internal Controls team and external auditors.
  • Communicate policy and procedure requirements to stakeholders.
  • Leverage knowledge of published risk and control frameworks (ISO, NIST, CIS, SOC, etc.) to develop a customized security risk and control framework for Squarespace based on the company’s risk profile.
  • Conduct security risk assessments across the organization, rank security risks, articulate risk in terms of business impact, and suggest reasonable strategies to mitigate risks.
  • Work closely with Squarespace Security Engineering teams to automate control processes and integrate the process side of security with the technical side of security.
  • Apply technical knowledge of Linux and access control by configuring and managing auditd access monitoring and accounting rules.
  • Formally document and develop security policies (outside the scope of ITGC policies) and procedures.
  • Conduct vendor security risk assessments, provide risk-based recommendations to the organization, and evaluate the company's third-party risk posture.
  • Grow and establish the GRC group within Squarespace and contribute to the GRC community through participation in conferences and sharing knowledge and approaches developed through our work at Squarespace.
  • Actively track project status and proactively communicate roadblocks.

QUALIFICATIONS:

  • 5+ years relevant experience in an IT audit/compliance/risk management role
  • Experience with IT controls implementation in the context of SOX and SOC 2/3
  • Data analytics background utilizing NoSQL, SQL, and/or Python is strongly preferred
  • Experience working in a full Linux environment, Git, and CI/CD
  • Self-motivated and capable of coaching/mentoring staff as the team grows in size
  • PCI controls implementation, SAQ, and RoC experience is a plus
  • Experience with identifying, tracking, reporting and remediating IT procedural and technical risk
  • Working knowledge of web-based technologies and cloud environments is desired to achieve success in this role
  • Big-4 is preferred
  • CISA and/or CRISC certification is strongly preferred

To apply for this job please visit www.squarespace.com.

