The GRC team is seeking forward-thinking, creative, technical, and talented IT compliance and security risk professionals with a strong background in regulatory control requirements, process improvement, controls implementation, and security risk analysis.
- Evaluate, develop, manage and maintain ITGC policies, procedures, and controls for Squarespace systems (internally developed and vendor provided).
- Actively work with stakeholders across the business (Finance, Accounting, Internal Controls, Engineering, etc.) to identify, document, and track remediation of ITGC and security control gaps.
- Conduct periodic self-assessments of Squarespace’s adherence to internal policies, compliance reporting objectives and industry best practices.
- Work closely with the Squarespace Internal Controls team and external auditors.
- Communicate policy and procedure requirements to stakeholders.
- Leverage knowledge of published risk and control frameworks (ISO 27001, NIST, CIS Controls, SOC 2 Trust Services Criteria, etc.) to develop a customized security risk and control framework for Squarespace based on the company's risk profile.
- Conduct security risk assessments across the organization, rank security risks, articulate risk in terms of business impact, and suggest reasonable strategies to mitigate risks.
- Work closely with Squarespace Security Engineering teams to automate control processes and integrate the process side of security with the technical side of security.
- Apply technical knowledge of Linux and access control by configuring and managing auditd rules for access monitoring and accounting (which login user touched which sensitive file or ran which privileged command).
- Formally document and develop security policies (outside the scope of ITGC policies) and procedures.
- Conduct vendor security risk assessments, provide risk-based recommendations to the organization, and evaluate the company's third-party risk posture.
- Establish and grow the GRC group within Squarespace and contribute to the GRC community through participation in conferences and sharing the knowledge and approaches developed through our work at Squarespace.
- Actively track project status and proactively communicate roadblocks.
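The auditd responsibility above is the one item in this posting that describes a concrete technique, so here is an added example of what it looks like in practice. This is illustrative code written for this page, not Squarespace's own tooling: the rule set (assumed to live in /etc/audit/rules.d/itgc-access.rules, with key names chosen here) watches the files that define identity and privilege and logs commands run as root by a logged-in user, and the parser below it turns the resulting raw audit.log records into the evidence an ITGC test asks for. The security-relevant point is the auid field: it is the login uid, it survives sudo and su, and it is what lets a change to /etc/sudoers be attributed to a person rather than to root. The log excerpt is constructed, not captured from a real host.

```python
import re
from collections import defaultdict

# Rules for an assumed /etc/audit/rules.d/itgc-access.rules: watch the files that define
# identity and privilege, and log every command a logged-in user runs as root. The -k keys
# are names chosen for this example, not a standard.
AUDIT_RULES = """\
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k privilege_policy
-w /etc/sudoers.d/ -p wa -k privilege_policy
-w /etc/ssh/sshd_config -p wa -k ssh_config
-a always,exit -F arch=b64 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k root_cmds
"""
UNSET_AUID = 4294967295  # auid of processes with no login session (boot, daemons, cron)
_HEADER_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$")
_FIELD_RE = re.compile(r'([\w-]+)=("([^"]*)"|\S+)')  # k=v or k="quoted v"

def parse_fields(body):
    """'k=v k2="v 2"' -> dict; unquoted values are kept verbatim (e.g. key=(null))."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in _FIELD_RE.finditer(body)}

def parse_audit_log(text):
    """Merge the SYSCALL/EXECVE/PATH records sharing one serial into a single event dict."""
    events, order = {}, []
    for line in text.splitlines():
        m = _HEADER_RE.match(line.strip())
        if not m:
            continue  # blank or truncated line
        serial, rtype, fld = m.group("serial"), m.group("type"), parse_fields(m.group("body"))
        if serial not in events:
            events[serial] = {"serial": serial, "time": float(m.group("ts")), "paths": []}
            order.append(serial)
        ev = events[serial]
        if rtype == "SYSCALL":
            for k in ("auid", "uid", "euid", "ses"):
                ev[k] = int(fld[k])
            for k in ("comm", "exe", "tty", "success", "exit"):
                ev[k] = fld.get(k)
            ev["key"] = None if fld.get("key") in (None, "(null)") else fld["key"]
        elif rtype == "EXECVE":  # full argv of the command, not just its comm name
            ev["argv"] = [fld["a%d" % i] for i in range(int(fld["argc"]))]
        elif rtype == "PATH" and fld.get("nametype") != "PARENT":  # skip directory-walk entries
            ev["paths"].append(fld["name"])
    return [events[s] for s in order]

def rule_keys(rules):
    """Keys declared in a rules file, so every observed key can be checked against it."""
    return set(re.findall(r"-k (\S+)", rules))

def attribute(events):
    """Keyed events per (key, auid). auid is the login uid and survives sudo/su, so an
    edit of /etc/sudoers made under sudo is charged to the person, not to root."""
    counts = defaultdict(int)
    for ev in events:
        if ev.get("key"):
            counts[(ev["key"], ev["auid"])] += 1
    return dict(counts)

def flag_unattributable(events):
    """Keyed events from a process with no login session: no person to attribute them to."""
    return [ev for ev in events if ev.get("key") and ev["auid"] == UNSET_AUID]

def flag_escalated(events):
    """Events whose effective uid differs from the login uid, i.e. run through sudo/su."""
    return [ev for ev in events
            if ev.get("auid") not in (None, UNSET_AUID) and ev["euid"] != ev["auid"]]

# Constructed audit.log excerpt, not captured from a real host: auid 1000 edits /etc/sudoers
# under sudo, a daemon with no session writes /etc/passwd, auid 1001 runs a command as root.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000010.123:4521): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0c6c0 a2=241 a3=1b6 items=2 ppid=2310 pid=2315 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="privilege_policy"
type=CWD msg=audit(1700000010.123:4521): cwd="/root"
type=PATH msg=audit(1700000010.123:4521): item=0 name="/etc/" inode=2 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000010.123:4521): item=1 name="/etc/sudoers" inode=1234 dev=fd:00 mode=0100440 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000020.456:4530): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=7f3a2c0 a2=241 a3=1b6 items=2 ppid=1 pid=980 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cfgmgmt" exe="/usr/local/bin/cfgmgmt" key="identity"
type=PATH msg=audit(1700000020.456:4530): item=1 name="/etc/passwd" inode=1300 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000030.789:4540): arch=c000003e syscall=59 success=yes exit=0 a0=55e0 a1=55e8 a2=55f0 a3=0 items=2 ppid=3000 pid=3001 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=5 comm="systemctl" exe="/usr/bin/systemctl" key="root_cmds"
type=EXECVE msg=audit(1700000030.789:4540): argc=3 a0="systemctl" a1="restart" a2="sshd"
type=PATH msg=audit(1700000030.789:4540): item=0 name="/usr/bin/systemctl" inode=5000 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=PATH msg=audit(1700000030.789:4540): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6000 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
"""

if __name__ == "__main__":
    evs = parse_audit_log(SAMPLE_LOG)
    print("keys with no rule:", {e["key"] for e in evs if e.get("key")} - rule_keys(AUDIT_RULES))
    for (key, auid), n in sorted(attribute(evs).items()):
        print("%-18s auid=%-11d events=%d" % (key, auid, n))
    for ev in flag_unattributable(evs):
        print("UNATTRIBUTED", ev["serial"], ev["comm"], ev["paths"])
    for ev in flag_escalated(evs):
        print("VIA SUDO/SU ", ev["serial"], "auid=%d" % ev["auid"], ev.get("argv") or ev["paths"])
```

On a real host the rules file is loaded with `augenrules --load` and the same events can be viewed with names resolved via `ausearch -k privilege_policy -i`; the parser here reads the raw format so it runs offline against exported logs. The unattributed event (auid unset, here a configuration-management daemon writing /etc/passwd) is the case a control owner has to either document as an approved automated change or investigate, which is why it is flagged separately from the sudo activity.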
- 5+ years of relevant experience in an IT audit, compliance, or risk management role
- Experience with IT controls implementation in the context of SOX and SOC 2/3
- Data analytics background utilizing NoSQL, SQL, and/or Python is strongly preferred
- Experience working in a full Linux environment and with Git and CI/CD
- Self-motivated and capable of coaching/mentoring staff as the team grows in size
- PCI DSS controls implementation, SAQ, and ROC experience is a plus
- Experience with identifying, tracking, reporting and remediating IT procedural and technical risk
- Working knowledge of web-based technologies and cloud environments is desired for success in this role
- Big 4 audit experience is preferred
- CISA and/or CRISC certification is strongly preferred