The Director, GRC (Governance, Risk, & Compliance) is a key role in the Chief Information Security Officer (CISO) organization of LogMeIn, reporting directly to the CISO. The role will be responsible for developing a comprehensive security governance function, including the areas of policies, standards, and other such documents and processes; the area of risk management (risk identification, risk analysis, risk treatment, risk acceptance, and risk maintenance (risk register)); and the area of compliance (SOC1/2/3, ISO27k1/2, PCI, NIST, HIPAA). It will help enable the security organization to follow the Plan-Build-Run-Monitor approach from a planning and monitoring perspective, ensuring processes are established for the secure adaptation, configuration, maintenance, and support of tooling and controls.
As we are creating a writing culture, we also want to establish a security- and privacy-by-design culture to ensure our security and privacy processes are solid and aligned. This role will have first and foremost an internal focus on the security organization. After accomplishing this, the scope will be broadened to focus on certain aspects of engineering and process optimization (IT, procurement, etc.).
- Lead a group of security, risk, compliance, and privacy analysts to support this newly created function on behalf of and under the direction of the CISO. Ensure departmental goals are reached and monitored, ensuring sound technical and process solutions and solid process enhancements
- Develop a comprehensive library for the policies, standards, procedures, plans, and other documentation with a clear structure and tracking capability (focus/scope, who, what, when due, status, etc.), leveraging common best practices and frameworks such as CIS, ISO, and NIST
- Create and/or maintain all the content of policies, standards, and other documents per the tracker. Ensure alignment with CISO and board-level guidance and proper cascade throughout the organization
- Upgrade the risk management process from a qualitative to a more quantitative model, ensuring proper alignment in process, documentation, and tooling
- Contribute to the compliance efforts through guidance, escalations to other organizational leaders where appropriate as determined by the CISO, and ensuring successful audits and evidence gathering and timely compliance certifications
- Integrate into an existing security team with limited supervision and ensure full adoption of risk management and governance concepts and operationalization of designed security controls
- Other duties or tasks as assigned by management
As LogMeIn is a global organization, the Director GRC will have some regular meetings and conference calls outside of normal local office hours. Flexibility, good time management, and the ability to cover a global organization are required and expected.
- A Master's or Bachelor's degree in a technical/security field, combined with at least 8-10 years of prior GRC-related work experience (must have). You must have written and maintained adopted (!) policies for a larger organization for some years
- Expert level knowledge of security control frameworks such as CISv7 and v8, ISO27001/27002, NIST 800-53, SOC1-3, PCI, and others. Deep familiarity with core policy principles
- Fast thinker, conceptually strong, with excellent interpersonal communication, teamwork, and project and program management skills. Strong personal integrity, accountability, the ability to take ownership of specific projects and program action items, and the ability to lead security analysts and experts to accomplish their assigned objectives and tasks
- Very strong written and verbal communication skills with the proven ability to translate business needs into proper policy statements. Well versed in deriving policy statements and standard documentation from leadership's verbal or written guidance
- Strong sense of accountability with the ability to work independently under the guidance and direction of the CISO with limited supervision.
- Able to foster a collaborative and respectful working environment and build long-term business relationships with multiple areas and complex setups on a global scale
- High intrinsic motivation to move the needle and mature existing processes or structures to improve performance, resiliency, and security outcomes. Must see and use GRC as a means to build security & privacy by design, by default, and by deployment, and not as an end in itself.
LogMeIn Product Portfolio: https://www.logmeininc.com/products
LogMeIn's category-defining products unlock the potential of the modern workforce by making it possible for millions of people and businesses around the globe to do their best work simply and securely on any device, from any location and at any time. A pioneer in remote work technology and a driving force behind today's work-from-anywhere movement, LogMeIn has become one of the world's largest SaaS companies with tens of millions of active users, more than 3,500 global employees, over $1.3 billion in annual revenue and approximately 2 million customers worldwide who use its software as an essential part of their daily lives.