Director of Governance, Risk and Compliance

The Opportunity at Altana

We are looking for a talented Information Security leader to guide governance, risk, and compliance (GRC) initiatives across the company.  In this role, you’ll be responsible for designing and leading a comprehensive governance program, including the establishment of security policies, standards, and procedures; designing a comprehensive security Risk Management program to identify, quantify, classify, and manage risks for the organization; and leading compliance efforts to accomplish SOC2 Type II, ISO 27001, FedRAMP and other certifications and attestations to demonstrate cybersecurity assurance internally and to our customers.  You will be responsible for collaborating cross-functionally with the business on GRC activities and leading the company’s obligation to identify technology and security risks, and manage legal, regulatory and compliance risks.  In this role, you’ll report to the VP of Information Security and play a critical role in maturing our controls and overall Information Security program.

Over the next 12 months, you will:

• Deliver Information Security compliance initiatives to ensure alignment to applicable standards/regulations, including necessary certifications or audits
• Serve as the liaison for all Information Security GRC audit and assessment initiatives for the organization with customers
• Define Altana’s Information Security standards, and oversee the security training and mentorship of Altana staff
• Maintain our control database; inventorying control ownership, control objectives, and control efficacy
• Recommend, develop, and manage the company’s risk register, including the definition and reporting on key risk indicators (KRIs) and key performance indicators (KPIs)
• Develop strong cross-functional working relationships internally and externally to support the ongoing maturation of Altana’s Information Security initiatives

What you bring to Altana:

• Deep understanding of and experience achieving/maintaining compliance with risk management methodologies, frameworks, and principles (e.g. SOC2, NIST CSF, NIST 800-53, DOD SRG, and ISO 27001, etc.).
• 10+ years of experience in Technology risk and compliance roles; preferably at a technology or SaaS / Cloud and / or as an auditor at a 3PAO
• Demonstrated ability to create and successfully implement GRC programs
• Strong project management skills to ensure accountability and results
• Strong oral and written communication skills along with refined presentation skills and the ability to work with other departments at varying levels of the organization, from executive to engineering to sales.
• Strong oral and written communication skills along with presentation skills; the ability to quickly build rapport with internal and external stakeholders
• Demonstrated experience presenting detailed, technical concepts to both technical and non-technical audiences
• Results oriented, values collaboration, self-motivated, and willing to adapt to change in a fast moving environment

Compensation at Altana

We are committed to providing competitive compensation for all roles at Altana. We carefully consider multiple factors when determining compensation, including your skills, experience, and location while balancing internal equity relative to peers at the company. The target base salary range for this role is $190,000 to $230,000. All full-time employees receive a competitive new hire equity grant, and may be eligible for additional bonus compensation depending on role.