Manager, GRC Security

Posted:
12/2/2024, 4:16:48 AM

Location(s):
California, United States ⋅ Santa Barbara, California, United States

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

About Us:  

We love going to work and think you should too. Our team is dedicated to trust, customer obsession, agility, and striving to be better everyday. These values serve as the foundation of our culture, guiding our actions and driving us towards excellence. We foster a culture of performance and recognition, allowing us to transform growth as we enable our employees to do the best work of their careers.

This position is located in Santa Barbara, CA. Our team is located in the heart of downtown Santa Barbara. Across the globe, our Centers of Energy serve as hubs where we accelerate productivity and collaboration, inspire creativity, and cultivate a culture of connection and celebration. Our teams coordinate their time in Centers of Energy to reflect how they work best.

LogicMonitor is proud to be an equal opportunity employer. We deeply care about our employees’ well-being, fostering an environment where every individual is valued and respected. We celebrate the diversity of our team, and are committed to fostering a culture of inclusivity. Come as you are, be yourself, and let's grow together.

To learn more about life at LogicMonitor, check out our Careers Page.

What You'll Do:

LM Envision, LogicMonitor's leading hybrid observability platform powered by AI, helps modern enterprises gain operational visibility into and predictability across their IT stacks, so they can continue to deliver extraordinary employee and customer experiences. LogicMonitor has a layered approach to intelligence, where AI and Machine Learning is baked into every facet of the LM Envision platform to help IT teams improve efficiency, minimize alert fatigue, proactively predict trends, and maximize enterprise growth and transformation. 

Our customers love LogicMonitor's ability to bring cloud and traditional IT together into one view, as seen in minimal churn rates, expansion business, and exciting new customer references. In fact, LogicMonitor has received the highest Net Promoter Score of any IT Infrastructure Management provider. LogicMonitor also boasts high employee satisfaction. We have been certified as a Great Place To Work®, and named one of BuiltIn's Best Places to Work for the sixth year in a row! 

Mission of the Position from Confluence Scorecard

Here's a closer look at this key role:

  • General
    • Mature the overall GRC strategy for the company, collaborating closely with other security team leaders, including LogicMonitor’s CISO
    • Manage a team of security GRC professionals to advance the overall program 
    • Collaborate with LogicMonitor’s Legal and Privacy team on common areas such as security controls for fulfilling privacy requirements
    • Program manage all GRC initiatives to achieve successful, timely completion, while working closely with stakeholders outside of the Information Security Team
    • Evolve LogicMonitor’s multi-year GRC strategy to embrace the company business strategy, market requirements, regulatory trends, industry trends, and the changing the threat landscape
    • Seek out and lead the operationalization of automation technologies to improve efficiencies and the program velocity, collaborating with other teams company-wide as appropriate.
    • Develop and operationalize metrics that quantify the effectiveness of the GRC program
  • Compliance
    • Oversee the team’s progress on fulfilling technical and non-technical FedRAMP security controls
    • Oversee the completion of annual external audits and certification efforts, including SOC2 Type 2, ISO 27001/17/18, FedRAMP, Australian IRAP controls, and company investor compliance requirements
    • Oversee the operationalization of an effective and comprehensive internal audit function to ensure satisfactory annual external audit results
    • Collaborate with other teams to collect security artifacts, manage deviations and exceptions, and improve processes to ensure an effective compliance program
    • Manage the team to ensure timely addressing of any non-conformity findings and corrections, including documentation and technical tasks
  • Risk management: 
    • Oversee the execution and continuous improvement of cybersecurity risk management framework, processes, procedures, and activities.
    • Oversee the benchmarking of risk management processes and dashboards with peer companies
    • Help socialize the risk management program and processes to key company stakeholders
    • Work with senior leaders to establish and improve integration of risk management processes into strategic planning processes
    • Cultivate strong working relationships with risk owners to ensure proper risk management program buy-in and accountability
    • Monitor the completeness of company initiatives and their impact to related cybersecurity risks
    • Collaborate with other security team leaders on advancing the company’s third party risk management program
  • Governance:
    • Oversee IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, ISO, and PCI.
    • Support the team’s development of System Security Plans, Continuous Monitoring, Plan of Action and Milestones, Security Controls Assessment, Risk Exposure and FIPS 199 categorization in accordance with NIST requirements.
    • Support the CISO and the Infosec Program through proposed improvements around policy creation and content, maintenance, exception handling, enforcement, and metrics analysis
What You'll Need:
  • 7+ years of experience in relevant GRC functions related to risk management, preferably with cloud SaaS providers.
  • 5+ years of experience in cybersecurity, particularly in a SaaS or cloud environment
  • 3+ years experience leading a GRC team and managing people, including program planning, yearly performance reviews, coaching, career planning, and conflict resolution
  • Strong background in compliance and certification efforts for SOC2, ISO 27000 series, and NIST 800-53.
  • Excellent interpersonal and communication skills with the ability to establish strong working relationships with both technical and non-technical staff
  • Demonstrated history of leading multi-year programs to increased levels of maturity and success
  • Demonstrated problem-solving capabilities, and the ability to manage complex and evolving security requirements
  • Familiarity with industry leading GRC tool and how to effectively leverage them to drive the overall program

Residents of California, click Here to view our California Applicant Privacy Notice.

Anticipated Application Close Date: 02/03/2024

#LI-JP1 #BI-Hybrid #LI-Hybrid

LogicMonitor is dedicated to fostering a culture of transparency and fairness, including our commitment to pay transparency. We provide the base salary ranges for all positions posted within the United States. 

Compensation packages at LogicMonitor for eligible roles include base salary, a variable plan depending on role, along with comprehensive benefits. The range displayed on each job posting reflects the minimum and maximum base salary target for new hires in the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. LogicMonitor employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. As part of our holistic compensation philosophy, your package will also include, but is not limited to: Comprehensive health, dental and vision coverage, generous parental leave policies, access to our Employee Assistance Program and various Wellness programs, a 401K with company matching, a learning and development stipend, and an unlimited vacation policy. For more information on our benefits, see our careers page.

The Base Salary range for this role is:
$136,500$160,650 USD

LogicMonitor

Website: http://www.logicmonitor.com/

Headquarter Location: Santa Barbara, California, United States

Employee Count: 1001-5000

Year Founded: 2007

IPO Status: Private

Last Funding Type: Debt Financing

Industries: Analytics ⋅ Application Performance Management ⋅ Cloud Infrastructure ⋅ DevOps ⋅ Information Technology ⋅ IT Infrastructure ⋅ IT Management ⋅ SaaS