Senior Director, Risk Compliance & Trust (grc)

Our Opportunity

Snyk is seeking an experienced hands on GRC leader to strategize, build, operate, and mature our global GRC organization and lead cross-functional partnerships in maintaining commitments to Snyk customers, partners and employees.

You will lead an exceptional team that will deliver fit-for-purpose and integrated risk and compliance functions that enable risk-based prioritization, executive and board level reporting, and support implementation. You will be a champion of data privacy and security and build those requirements into product offerings & services as well as day-to-day business processes. You will work directly with the rest of the Snyk team at large to mature and maintain a sustainable GRC program for the enterprise.

You’ll Spend Your Time:

• Leading, motivating and developing a high performing security/privacy GRC team.
• Partnering with cross-functional Snyk leaders to mature and maintain a sustainable GRC program for the enterprise.
• Providing thought leadership on security-related regulatory and statutory matters that may impact the company.
• Providing vision and hands-on leadership for developing and supporting initiatives in the areas of security and privacy policies, standards, training, external audits and gap assessments, continuous control monitoring, customer assurance and risk assessments.
• Supporting procurement and commercial teams with respect to information security aspects of contract and relationship discussions with third parties.
• Designing, maintaining and communicating security/privacy assurance and compliance strategies and plans a specific focus on expansion of the security certification portfolio that are designed to keep Snyk abreast of regulatory and commercially driven framework requirements in markets Snyk expands to.
• Executing periodic organizational and asset level risk and impact assessments to identify security & privacy risks in a manner that drives Snyk leaders to invest in risk minimization efforts.
• Driving operational efficiencies through process and program improvements and implementation of automation toolsets to gain efficiencies.
• Providing advisory services to other teams on maintaining compliance with privacy and security policies and standards through the course of their business operations.
• Collaborating with legal on the development and implementation of information security and data protection policies and processes.
• Collaborating with security teams on matters relating to data assurance, data protection, threat defense, risk management, and regulatory compliance.
• Working closely with legal and product teams globally to review products, features, new applications and initiatives to provide legal risk mitigation strategies to ensure legal compliance for products from an information security perspective.
• Coordinating with legal, information security, trust & safety, privacy & data protection, and other cross-functional colleagues on all matters related to information security and incident response, including communication, policy development, and enforcement aspects.

What You’ll Need:

• 10+ years of experience leading all aspects of a Security/Privacy GRC program, ideally with some experience in a SaaS or Tech organization.
• Proven experience with and including driving certifications for multiple domestic and international security & privacy frameworks/standards such as ISO 27001, ISO 27701, SOC2, GDPR, IRAP, FedRAMP/StateRAMP, HIPAA, PCI DSS, CMMC.
• Proven ability to develop and retain high performing GRC professionals.
• Effective written and verbal communication skills, especially translating between business and technical terminology.
• Outstanding cross-functional partnership skills with a confirmed ability to lead multiple stakeholders with conflicting priorities in a fast and constantly changing environment.
• Certifications such as CRISC, CISA, CISSP or CISM are considered preferentially.

#LI-TF1