Senior/Staff GRC Engineer

Posted:
9/23/2024, 7:42:25 PM

Location(s):
California, United States ⋅ San Francisco, California, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Crusoe Energy is on a mission to unlock value in stranded energy resources through the power of computation.

Take a look at what we do! - https://www.youtube.com/watch?v=Rlt8k71Quqw 

We aim to align the long-term interests of the climate with the future of global computing infrastructure. As data centers consume an exponentially growing power footprint to deliver technology to all connected devices, we are inspired by making sure that the energy meeting that demand is sourced in an environmentally responsible fashion. Crusoe co-locates mobile data centers with stranded energy resources, like flare gas and underloaded renewables, to deliver low-cost, carbon-negative distributed computing solutions. Crusoe Cloud is a managed cloud services platform powered by stranded energy that enables climate-friendly innovation in computationally intensive fields including artificial intelligence, graphics rendering, and computational biology.

About the Role:

The Crusoe security team is seeking a highly experienced GRC (Governance, Risk, and Compliance) Manager to build and enhance our security posture in alignment with industry regulations and best practices. In this role, you will be instrumental in securing our platform and cloud offerings by developing and scaling processes that govern security risk management, policy adherence, and compliance certification. This is a hands-on, strategic role where you’ll lead efforts to ensure that our governance, risk, and compliance programs support the company’s mission and growth while safeguarding Crusoe and our products. If you're passionate about shaping a critical function in a dynamic, innovative environment, we'd love to hear from you.

As a Senior/Staff GRC Engineer, you will be a key member of the Security team, responsible for driving our governance, risk, and compliance initiatives. You will work closely with senior leadership and cross-functional teams to design and implement policies and frameworks that manage and mitigate security risks across the organization. Your primary focus will be on developing scalable, efficient GRC processes that align with our business goals and ensure compliance with applicable regulations and standards.

A Day In The Life:

  • Develop and Manage GRC Programs: Lead the development and management of governance, risk, and compliance programs, ensuring they are scalable, repeatable, and aligned with industry best practices and business objectives.

  • Own Compliance Frameworks: Proactively manage critical compliance frameworks, including ISO 27001, SOC 2 Type 2, HIPAA, GDPR, and others, ensuring that the organization remains compliant with all relevant standards.

  • Hands-On Management of Compliance Automation Software: Implement and manage compliance automation tools to streamline GRC processes, ensuring that compliance activities are efficient, scalable, and auditable.

  • Design and Implement Risk Management Processes: Create and operationalize processes for identifying, assessing, and mitigating information security risks, collaborating with key stakeholders to align these processes with business needs.

  • Oversee Audits: Lead internal and external audit programs, ensuring they are completed efficiently and with minimal disruption to business operations. Work closely with audit teams to prepare for and respond to regulatory and customer audits.

  • Collaborate with Cross-Functional Teams: Work closely with teams across the organization, including engineering, legal, and product, to integrate GRC processes into their workflows and ensure that security and compliance requirements are met.

  • Privacy Management: Develop and enforce privacy policies and procedures to ensure compliance with global data privacy regulations, such as GDPR, CCPA, and HIPAA, and oversee privacy impact assessments.

  • Drive Continuous Improvement: Continuously assess and improve GRC processes, leveraging feedback and insights to enhance efficiency and effectiveness. Promote a culture of compliance and security awareness across the organization.

  • Manage Third-Party Risk: Oversee third-party risk management, including conducting risk assessments, managing vendor relationships, and ensuring that third-party services comply with our security and compliance standards.

You Will Thrive In This Role If You Have:

  • Experience: You have 7+ years of experience in Information Security, Governance, Risk, and Compliance roles, with at least 3 years in a leadership or managerial position.

  • Expertise: You have deep expertise in managing and implementing compliance frameworks such as ISO 27001, SOC 2, FedRAMP, HIPAA, HITRUST, NIST CSF, PCI DSS, and others.

  • Regulatory Knowledge: You possess strong knowledge of global data privacy regulations (e.g., GDPR, CCPA, HIPAA) and are skilled in translating regulatory requirements into practical, scalable solutions.

  • Technical Acumen: You have a strong understanding of information security concepts, cloud platform security, and cybersecurity operations, enabling you to effectively incorporate technical aspects into GRC strategies.

  • Analytical Skills: You excel at making data-driven decisions, assessing risks, and developing strategies to mitigate them. You have a propensity for clear, concise communication, both verbal and written.

  • Leadership: You have a proven track record of managing and mentoring teams, driving high performance, and fostering a culture of security and compliance.

  • Adaptability: You thrive in a dynamic, fast-paced environment and are comfortable navigating ambiguity and managing complex projects with multiple stakeholders.

Benefits:

  • Hybrid work schedule

  • Industry competitive pay

  • Restricted Stock Units in a fast-growing, well-funded technology company

  • Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents

  • Employer contributions to HSA accounts 

  • Paid Parental Leave 

  • Paid life insurance, short-term and long-term disability 

  • Teladoc 

  • 401(k) with a 100% match up to 4% of salary

  • Generous paid time off and holiday schedule

  • Cell phone reimbursement

  • Tuition reimbursement

  • Subscription to the Calm app

  • MetLife Legal

  • Company-paid commuter benefit; $50 per pay period

Compensation Range

Compensation will be paid in the range of $180,000 - $300,000. Restricted Stock Units are included in all offers. Compensation to be determined by the applicant's knowledge, education, and abilities, as well as internal equity and alignment with market data.

Crusoe Energy is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.