Director, Governance, Risk, and Compliance
We are seeking a highly motivated and experienced Director of Governance, Risk, and Compliance (GRC) to establish and lead our GRC function at Posit. This foundational leadership role requires a strategic and hands-on approach to building the department from the ground up, creating and implementing policies, frameworks, and processes to ensure compliance with regulatory requirements and manage risks across the organization.
The ideal candidate will be adept at working in fast-paced environments, comfortable with ambiguity, and possess a deep understanding of software and cloud security compliance frameworks. You'll work closely with senior leadership to ensure that our governance, risk, and compliance practices are aligned with our company's mission and growth strategy.
You will be responsible for identifying and driving initiatives to ensure compliance with federal, state, and international security and privacy regulations and contractual obligations. Our products are used in a variety of regulated environments, and we must not only know how those regulations apply to us but also be able to confidently and consistently share this information with our customers.
Since its inception, Posit has operated as a 100% distributed company with a SaaS-based infrastructure. This presents unique challenges and requires pragmatism and creativity to be successful. This position requires the ability to be proactive and strategic while being comfortable rolling up one's sleeves.
Key Responsibilities:
- Establish and lead the GRC function, developing a comprehensive governance, risk, and compliance strategy tailored to our company's size, industry, and regulatory environment.
- Develop and maintain a compliance roadmap to ensure alignment with business objectives, regulations, and customer expectations.
- Develop, implement, and maintain corporate governance policies, standards, and frameworks to manage risks and ensure compliance with applicable laws, regulations, and industry best practices.
- Perform risk assessments and build risk management processes to identify, analyze, and mitigate risks related to cybersecurity, data privacy, and operational activities.
- Lead the development and enforcement of compliance programs that address internal and external requirements, ensuring all employees understand and adhere to relevant policies and regulations.
- Collaborate with internal stakeholders (e.g., legal, product, IT, engineering) to ensure compliance requirements are integrated into product development, IT systems, and data management practices.
- Create and manage a regular reporting process to provide executive leadership with insight into the company's risk posture, compliance status, and audit results.
- Stay current on evolving regulatory environments, security threats, and compliance best practices, ensuring the company adapts its security posture accordingly.
- Work closely with senior leadership to communicate the company's compliance status and risk posture, making recommendations for improvements where necessary.
- Provide training and guidance to employees on security compliance best practices and foster a culture of security awareness throughout the organization.
- Serve as the main point of contact for internal and external audits, managing audit readiness, audit responses, and any remediation activities.
About you:
- Experience in governance, risk, and compliance, with a strong background in cybersecurity, data privacy, and risk management in the software or technology sector.
- Experience working in a software company, particularly in remote, cloud-based environments, is highly preferred.
- Experience managing and responding to audits, regulatory reviews, and compliance reporting.
- Metrics-driven: you understand, develop, and deliver meaningful risk-based operational dashboards and reports to a broad audience, demonstrating our current program state and adherence to frameworks and standards.
- Strong project management and organizational skills, with the ability to manage multiple initiatives and priorities.
- Ability to think strategically while being hands-on with the development and execution of projects and initiatives.
- Excellent communication and interpersonal skills, with the ability to influence and collaborate effectively with cross-functional teams.
- You invest in strong relationships with your colleagues and employ empathy when working through their issues.
- You default to a collaborative and communicative mentality, believing that adversarial relationships harm an organization's long-term success.
- You are highly ethical, possess excellent decision-making capabilities, and exercise good time management skills.
Posit offers competitive compensation with extensive human-first, people-focused benefits to prioritize your personal and financial well-being. Individual pay decisions are based on a number of factors, including qualifications for the role, experience level, and skillset. This hiring range reflects base salary and assumes that the job will be performed in the United States.
Hiring Range: $201,300—$276,760 USD
Working at Posit:
- We welcome all talented colleagues and are committed to a culture that represents diversity in all its forms.
- We prioritize giving ourselves “focus time” to get deep work done. We minimize meetings and attempt to operate asynchronously.
- We are a learning organization and take mentorship and career growth seriously. We hope to learn from you and we anticipate that you will also deepen your skills, influence, and leadership as a result of working at Posit.
- We operate under a unique sustainable business model: We have over 50% of our engineering dedicated to creating free and open source software. We are profitable and we plan to be around decades from now.
- Posit is a Public Benefit Corporation (PBC) and a Certified B Corporation, which means our open-source mission is codified into our charter. As a result, our corporate decisions balance the interests of the community, customers, employees, and shareholders.
Posit is committed to being a diverse and inclusive workplace. We encourage applicants of different backgrounds, cultures, genders, experiences, abilities, and perspectives to apply.