Staff Risk and Policy Engineer

Job Description

We’re looking for a Staff Risk and Policy Engineer to join Procore’s Cybersecurity group. In this role, you’ll be responsible for making Cyber Risk a cornerstone of enterprise security, enabling executive decision-making and business prioritization by providing relevant and specific risk information about the most critical issues facing our company. You will also be responsible for defining and communicating Cyber Policy that defines our organizational values, fulfills internal obligations, promotes management of risk and liability, and meets compliance obligations.

As a Staff Risk and Policy Engineer, yours is a key position that will be pivotal to Procore’s continued maturity. You will use your extraordinary blend of technical background, GRC knowledge, and EQ to collaboratively lead this fast-moving organization to the next level of cyber risk management and smart cyber policy, partnering with roles from IC to executive throughout the company.While expectations for this role are very high, your work will also be very visible as the organization takes on a more risk-based approach to decisions. If you really want to make a positive impact on the security posture of a company and be part of, and rewarded for, the growth that results, join us!

This position reports into Senior Manager of Risk and Policy and will be based in our Austin, TX office. We’re looking for someone to join us immediately.

What you’ll do:

• Develop and report on technical KRIs

• Continuously enhance our risk register with new data and emerging risks

• Continuously communicate risks to stakeholders, tailoring messaging for different organizational levels

• Update our cyber policies to reflect organizational changes and drive maturity

• Spearhead and manage enterprise-wide communications about policy contents and changes  

• Manage Cyber Risk Findings and & Policy Exceptions end-to-end

• Continuously uplevel the Risk and Policy programs in scope and efficiency

What we’re looking for:

• 10+ years experience in a variety of technical and GRC management roles

• The following certifications are required: CISSP plus CISM or CISA. Nice to have: CCSP

• 4-year college degree

• Experience in creating impactful enterprise-wide risk programs

• Strong policy development skills, grounded in an appreciation for the impact of both well-crafted and poorly constructed policy

• Capability to create and drive program objectives

• Experience working with FedRAMP, SOC 2, ISO 27001

• Excellent writing and speaking skills

• Evidence of lifelong learning

Additional Information

Base Pay Range $168,560 - $231,770. Eligible for Bonus Incentive Compensation. Procore is committed to offering competitive, fair, and commensurate compensation, and has provided an estimated pay range for this role. Actual compensation will be based on a candidate’s job-related skills, experience, education or training, and location.

Perks & Benefits

At Procore, we invest in our employees and provide a full range of benefits and perks to help you grow and thrive. From generous paid time off and healthcare coverage to career enrichment and development programs, learn more details about what we offer and how we empower you to be your best.

About Us

Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes, and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore.

We are an equal-opportunity employer and welcome builders of all backgrounds. We thrive in a dynamic and inclusive environment. We do not tolerate discrimination against candidates or employees on the basis of gender, sex, national origin, civil status, family status, sexual orientation, religion, age, disability, race, traveler community, status as a protected veteran or any other classification protected by law.

If you'd like to stay in touch and be the first to hear about new roles at Procore, join our Talent Community.

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact our benefits team here to discuss reasonable accommodations.

For Los Angeles County (unincorporated) Candidates:

Procore will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable federal, state, and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

A criminal history may have a direct, adverse, and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment: 1. appropriately managing, accessing, and handling confidential information including proprietary and trade secret information, as well as accessing Procore's information technology systems and platforms; 2. interacting with and occasionally having unsupervised contact with internal/external customers, stakeholders, and/or colleagues; and 3. exercising sound judgment.