Government Risk and Compliance (GRC) Lead

Governance Risk and Compliance (GRC) Lead 

(New York City - US)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

COMPANY OVERVIEW

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. 

We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. 

Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.

THE OPPORTUNITY

CONTEXT:

Our team is very hands-on with a strong mindset of problem solving while also having the ability to think of the implementation holistically and provide solutions that solve the customer’s long-term challenges. Our team works hard, plays hard and enjoys all indoor and outdoor activities that the company organizes from time to time, so that you can focus, work collaboratively, and be at your creative best. 

With over 60 global team members, the IT team works hard, plays hard and enjoys all indoor and outdoor activities that the company organizes from time to time, so that you can focus, work collaboratively, and be at your creative best. 

ROLE: 

This is an exciting opportunity for a GRC lead. You will be part of the InfoSec team with a mission to  build, maintain and continuously improve its Information Security program, giving peace of mind, assurance of protection and safety to our customers. 

WHAT YOU WILL DO WITH US 

• Lead security self assessments, audits, certifications for various compliance initiatives e.g. OC1/SOC2, ISO 27001, FedRAMP, IRAP, PCI-DSS, SecNum Cloud, CE+, BSI C5, NIST 800-53 etc.
• Understand and assess technical controls at different layers of TCP/IP model, including evaluating technical control implementation and communicating clear and actionable requirements to various technical teams
• Coordinate and manage customer security audits and contract reviews for AMER region and support other regions
• Effectively respond to InfoSec questions and present technical architecture and security controls to customers and prospects 
• Perform continuous compliance and monitoring capabilities, including executing on various security and availability controls (e.g. BIA,  DR testing, security incident response, etc.) 
• Manage the security incident response process (responding to reported security incidents, working closely with key stakeholders to coordinate incident remediation efforts, ensure proper communication and task assignment during incident response, etc.)
• Help automate and enhance security operation processes
• Support Governance, Risk & Compliance (GRC) tools implementation and utilization

YOUR PROFILE

If you have the below experience and strengths this role could be for you:

Skills and Experience:

• Preferred Bachelor’s Degree in a related field or equivalent experience
• At least 5 years experience working with IT and security personnel as well as security concepts at all layers of a technology (e.g. Network, Infrastructure, Web Application, Cloud Platforms (e.g. Azure, AWS, GCP) environments
• Strong working knowledge of a broad range of audit and Information Security frameworks (NIST CSF & 800-53, ISO27001, SOC, HITRUST, HIPAA, FedRAMP, PCI, GDPR, etc.)
• Hands on experience in leading  audits/reviews against some of the InfoSec frameworks mentioned above
• Knowledge of risk and security industry literature and knowledge bases (OWASP, MITRE ATT&CK, NIST 800-39, etc.)
• Relevant audit and/or Information Security certifications (e.g., CISSP, CISA, CISM, Azure Cloud Security) are desired

Soft Skills :

• Excellent interpersonal, communication and organizational skills
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors
• High degree of initiative, dependable and able to work well with limited supervision

WHAT HAPPENS NEXT

If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today! 

Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you! 

Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role. 

Interviews will be conducted virtually via video or on-site with face-to-face meetings.

LIFE AT IVALUA

• Hybrid working model (3 days in the office per week)
• We're a team dedicated to pushing the boundaries of product innovation and technology
• Sustainable Growth, Privately Held
• A stable and cash-flow positive Company since 10 years
• Snacks and weekly lunches in the office
• Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity
• Unlock and unleash your full professional potential with our exceptional training and career development program
• Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued
• Regular social events, competitive outings, team running events, and musical activities,
• Comparably recognized Ivalua for the following (https://www.comparably.com/companies/ivalua) : 

Powered by People - Powered by You!

United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/

Experience life at Ivalua - check out our captivating video! Gain insight into our unique company culture and get a glimpse of what it's like to work with us.

Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.

The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.

Title: Government Risk and Compliance (GRC) Lead

Range minimum: USD 112000

Range maximum: USD 208000

Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation.

#LI-PDE

#LI-HYBRID