Director, GRC & Security

United States

Panther Labs

Panther alleviates the pain of traditional SIEM with detection-as-code, a robust security data lake, & flexible scalability. Visit our website for a demo or pricing.


The Job

We're looking for a Director of GRC and Security to lead Panther's security and compliance initiatives. In this role, you’ll be responsible for driving our security strategy, ensuring the safety of our environment, and managing key certifications such as SOC2, HIPAA, ISO 27001, and PCI DSS. You’ll collaborate with teams across the organization, including Engineering, IT, and Sales, as well as external stakeholders and auditors, to ensure our security and compliance efforts align with business objectives. Additionally, you’ll lead initiatives to implement new compliance programs like FedRAMP, all while maintaining operational efficiency and fostering a culture of security throughout Panther. If you thrive in a fast-paced environment and have a passion for balancing security with compliance, we’d love to hear from you!

 

The Company

Panther is a cybersecurity company with the mission of detecting any breach, anywhere. The company was founded by security practitioners who lived through the difficulty of trying to protect large organizations and wanted to build a solution that many teams could use. Panther solves modern security problems with detection-as-code, a cloud-native architecture, and a robust security data lake. Panther’s platform, used by many industry innovators, enables security teams to focus on security, detect attacks, and protect their organizations without the prohibitive overhead or excessive operational costs.

Backed by Coatue Management, Lightspeed Venture Partners, S28 Capital, Snowflake Ventures, ICONIQ Growth, and Innovation Endeavors, Panther has raised $140M and is driving innovation and disrupting the cyber security space. Panther's customers include industry-leading technology companies such as Figma, Gusto, Coinbase, and Dropbox; most of them are mid-to-large enterprises and modern, cloud-forward technology companies. The company was featured for a second year in a row on EnterpriseTech30's startup list, most recently as #6 on the list of mid-stage, emerging technology companies!

Panther is a remote-first company with a culture of flexibility, written documentation, open company communication, and collaboration. Our values guide our every move: Be an Owner, Create Customer Love, and Take Care of the Team. We believe that by building a diverse group of remote individuals, we can push forward our mission and create a rewarding, inclusive, and fun work environment for our entire team.

 

The Responsibilities

  • Leading and building Panther’s Security and Compliance organization, and participating in the build out of Panther’s IT organization
  • Partnering closely with internal teams such as IT, Sales, and Engineering to improve operational efficiency and achieve business outcomes beyond strictly compliance
  • Acting as the primary conduit for communication between Panther’s engineering organization and external security and compliance partners (including auditors, ongoing security advisors, pentesters, and short-term contractors)
  • Collaborating with other leaders across the company to develop an ongoing compliance strategy that drives quality and unlocks sales
  • Owning Panther's existing compliance programs (SOC2, ISO 27001, and PCI DSS), ensuring continuity for Panther's certifications
  • Leading Panther’s audit processes end to end, including directly interacting with auditors during assessments
  • Identifying and implementing improvements to Panther’s compliance programs to reduce operational burden and complexity (e.g. introducing better automation or processes for evidence gathering, thoughtful alignment of audit calendars, streamlining responses to security and compliance questionnaires, etc)
  • Implementing new compliance programs at Panther, such as FedRAMP, HIPAA, and others, partnering with external subject matter experts when appropriate
  • Defining, executing, measuring, monitoring and reporting on compliance controls and initiatives, and maintaining all related documentation in Drata

 

The Requirements

  • Ability to self-manage work and meet important deadlines in a fast-paced, rapidly evolving environment 
  • Strong track record of successful collaboration across a diverse range of stakeholders, including internal teams (Engineering, Legal, etc) as well as external parties (auditors, contractors, etc)
  • Excellent communication skills, with the ability to effectively translate needs and requirements across Engineering, Security and Legal disciplines
  • Familiarity with modern security controls and concepts and ability to apply those concepts well enough to translate compliance requirements into modern, safe, efficient and effective controls
  • Experience leading compliance initiatives, such as SOC2, ISO 27001, PCI DSS, HIPAA, FedRAMP, etc at a high-growth cloud-based company
  • Experience defining, documenting, updating and mapping controls, policies, procedures, exceptions, risks, assets, vendors and people
  • Firm technical grasp of cloud, cloud security, and engineering workflows, with specific experience in organizations that use AWS and GitHub
  • Preferred candidates: experience creating and maintaining compliance artifacts in Drata (or similar system)
  • Preferred candidates: experience communicating directly with customers through activities such as answering compliance documentation questions or sales enablement calls


The Perks

  • Equity
  • Unlimited PTO policy, with a minimum requirement of 15 days off per year, as well as observing major US holidays and a 2-week break at the end of the year
  • Latest tech equipment & budget for your customized tech needs
  • Comprehensive medical, dental, and vision coverage
  • 401k program 
  • Remote-friendly
  • Opportunities to attend industry conferences (remote or in-person, and in conjunction with our in-person health and safety policy)
  • Annual company off-sites in awesome locations (in conjunction with our in-person health and safety policy)

 

Cash compensation range: $180,000 - $230,000 USD Annually

The cash compensation above includes base salary and on-target commission for employees in eligible roles. In addition to cash compensation, all full-time Pantherinos are eligible to participate in our equity plan to receive Incentive Stock Options (ISO). Individual compensation packages are based on a few factors unique to each candidate, including their location, experience, and expertise, and may vary from the above-mentioned range.

 

Panther Labs is an Equal Opportunity Employer. The Company prohibits discrimination and harassment on the basis of: race, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding), gender, gender identity, gender expression, sexual orientation, marital status, age, religious creed, physical disability, mental disability, genetic information, military or veteran status, or any other status protected by law. All employment decisions are made on the basis of qualifications, merit, and business need.


Tags: Automation AWS Cloud Compliance FedRAMP GitHub HIPAA ISO 27001 Monitoring PCI DSS Security strategy Snowflake SOC 2 Strategy

Perks/benefits: 401(k) matching Conferences Equity / stock options Health care Startup environment Team events Unlimited paid time off

Region: North America
Country: United States
