GRC Manager

IT Administration Remote, United States


Description

ON24 is on a mission to transform the way marketers market, powering the live, always-on and personalized experiences that businesses need to create engagement, deliver data, find demand and drive revenue. Through the ON24 Platform, marketers can build data-rich, interactive webinars and content experiences, understand audience behavior and turn that intelligence into action. Informed by more than a billion engagement minutes -- including 12 million polls, 1.3 million surveys, 1.5 million conversations, and conversion of over 17 million resources -- marketers drive more revenue from ON24 experiences than any other digital channel. Headquartered in San Francisco, ON24 has a wide global footprint with eight offices in key regions, including London, Munich, Singapore, Stockholm and Sydney. For more information, visit https://www.on24.com.

The GRC Analyst / Manager will be responsible for ON24’s information security governance, risk and compliance efforts to safeguard customer, employee, and company data in accordance with industry standards for a global enterprise SaaS company. You will work to determine and implement appropriate standards and controls, develop policies and procedures, manage security audits and assessments, and address third-party risks.

Responsibilities: 

30% Compliance 

  • Design, implement, and maintain a continuous compliance framework.
  • Perform internal auditing functions and compliance reviews. 
  • Oversee and participate in external audits and certifications. 
  • Create and maintain company security policies and procedures. 
  • Research new regulatory requirements, legal obligations, and framework revisions. 
  • Provide guidance and subject matter expertise to project teams on security and compliance. 
  • Evaluate and implement GRC-related products/solutions.

30% Risk & Governance 

  • Collaborate with legal, IT, operations, and others on various governance-related efforts.
  • Manage the risk register and develop metrics for reporting risk. 
  • Recommend, document, and monitor implementation of risk treatment plans.  
  • Develop and maintain a vendor risk management program.
  • Oversee and perform internal assessments such as SIG and CSA CAIQ.  

20% Sales Support 

  • Support Sales and Solutions Engineering by maintaining a knowledge base, assisting with inquiries, and representing ON24 in conversations with customers/prospects as they relate to security and compliance.
  • Develop and maintain supporting security documentation, whitepapers, and other sales collateral. 

10% Awareness & Training  

  • Evangelize security across the organization. 
  • Develop and maintain security awareness training materials. 

10% Project Management 

  • Work across the organization to evaluate and address gaps in governance, risk and compliance. 
  • Manage cross-team initiatives related to security and compliance. 

Skills & Experience: 

  • Bachelor's degree or equivalent experience 
  • At least 5 years of work experience in security, risk management, or audit-related roles
  • Hands-on experience implementing control frameworks and providing audit support for SOC 2 and ISO 27001 
  • Technical background in systems, operations, IT, or software development 
  • Experience with at least one cloud IaaS provider: Azure, GCP, AWS 
  • Deep understanding of security threat modeling, risk prioritization, and technical security measures 
  • Excellent written and verbal communication skills 
  • Ability to work effectively and drive results in a remote team setting 

Preferred: 

  • Security certifications, e.g. CISSP, CISA/CISM, GIAC, CCSK, etc. 
  • Experience working in SaaS and/or hybrid-cloud environments
  • Experience securing/auditing cloud, virtualization, and containerization platforms  
  • Comfortable across Windows and Linux environments 
  • Experience with NIST SP 800-53 and FedRAMP authorization process 
  • Familiarity with frameworks such as CIS Benchmarks and OpenSAMM

Perks & Benefits:

  • Health benefits designed to fit the needs of you and your family — including medical, dental, and vision plans 
  • Generous PTO policy and wellness days to log off and recharge  
  • 11 paid company holidays for US-based employees + 1 Floating Holiday + 2 Floating Wellness days
  • Employee Stock Purchase Plan 
  • 401K Plan with employer match 
  • Reimbursements covering home office expenses, cell phone use, weekly team lunches, and classes for professional and personal development 
  • Fitness and wellness perks including ClassPass and discounted memberships with 24 Hour Fitness  

ON24 is proud to be an equal employment opportunities (EEO) workplace to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, ON24 complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. 

Pursuant to the San Francisco Fair Chance Ordinance, ON24 will consider for employment qualified applicants with arrest and conviction records.