Senior Security GRC Manager - SOC 2 Compliance
New York, NY
Full Time Senior-level / Expert USD 153K - 192K
Spotify
Spotify is a digital music service that gives you access to millions of songs.
Spotify is seeking a Senior Security Governance, Risk, and Compliance (GRC) Manager to join the Security Studio who will work closely with our engineering teams and audit functions. You’ll be focused on handling the execution of tasks for the Security GRC Program within Spotify, primarily in relation to driving SOC 2 compliance, but also to other compliance and information security frameworks. You will work on ensuring tasks deliver high-quality value and are completed in a timely fashion. Additionally, you will play an integral part in recommending process improvements and in helping to implement these updates. This role will require a deep understanding of SOC 2 compliance and information security practices, as well as experience in working with technology teams.
What You'll Do
- Lead the SOC 2 compliance program and large-scale SOC 2 projects, identify dependencies, define success metrics and achievements, and ensure timely delivery
- Design, implement, monitor and maintain SOC 2 controls, while collaborating and building relationships with internal and external business partners
- Lead and handle all stages of SOC 2 audits, ensuring successful completion
- Determine the appropriate scope of SOC 2 audits, encompassing new and existing service offerings, their supporting infrastructure, and associated processes
- Lead and respond to customer security questionnaires while collaborating with internal teams, and drive questionnaire response automation
- Identify, assess, and advise on information security risks, processes and controls to a variety of business partners
Who You Are
- You have 5+ years of experience with SOC 2 compliance, including leading a SOC 2 compliance program, controls design, and implementation. Experience in the technology industry is preferred.
- You have 5+ years of experience with security frameworks (e.g. SOC 2, ISO 27001, NIST CSF, PCI-DSS), security controls design and implementation, and security best practices
- Prior IT audit experience in the areas of SOC 2, ITGC, and SOX is preferred
- CISA, CISM, CISSP or other related certifications are preferred but not required.
- You have experience with privacy frameworks, such as GDPR or CCPA
- You are a strong collaborator, with experience working on teams composed of both technical and non-technical members
- You have a demonstrated ability to lead large projects, problem-solve, multitask, and have excellent organizational skills
- You have excellent written and verbal communication skills, with experience presenting to key stakeholders and partnering with internal collaborators and external auditors
- You thrive in a data-driven, fast-paced and innovative environment
Where You'll Be
- For this role you will be in New York.
Categories:
Compliance Jobs
Leadership Jobs
Tags: Audits Automation CCPA CISA CISM CISSP Compliance GDPR Governance ISO 27001 NIST Privacy SOC SOC 2 SOX
Perks/benefits: Flex hours Health care Parental leave
Region:
North America
Country:
United States