Director of Governance, Risk and Compliance (GRC)

Work for HAProxy Technologies

HAProxy Technologies is the company behind the world’s fastest and most widely used software load balancer. We’re a unique collection of talented and passionate people with a shared vision of simplifying the complexity of modern application architectures. HAProxy Enterprise is already an integral piece of the world’s top tech companies with its enterprise class features, services and premium support. HAProxy One, our newest product line, will deliver modern websites and applications with the utmost performance, security and observability at any scale regardless of the environment.

About The Team

In order to meet our ambitious goals, we need to scale our governance, risk and compliance team to accommodate our growing product lines and customer requirements. Under the direction of the VP of Operations, the Director of Governance, Risk and Compliance (GRC) will be responsible for developing, implementing, and operating the Company’s Information Security, Risk & Privacy Program in accordance with all applicable laws, rules and regulatory requirements. We are looking for talented and passionate individuals who have that Whatever It Takes attitude.

Your Duties

The GRC Director’s primary duty will be to establish best-in-class Security, Risk & Privacy programs and policies that will safeguard the company and its partners.

Responsibilities:

  • Develop, enhance and operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations.
  • Perform activities to monitor and assess the security, risk and privacy controls on an ongoing basis. Work closely with the operational departments (Legal, Engineering, Sales, Support, Operations, …) to develop and monitor policies and standards in compliance with applicable privacy policy & regulations.
  • Collaborate with key stakeholders to review projects, business critical systems and related data to ensure compliance with data privacy laws, and if necessary, perform and advise on privacy impact assessments.
  • Complete ownership and responsibility to answer privacy questionnaires and client required privacy information. Coordinate, conduct and act as primary contact for all internal and external audits (privacy, security & compliance).
  • Lead the development and ongoing management of privacy programs across the company in all locations / jurisdictions.
  • Implement measures and a governance framework to manage data use in compliance with laws and regulations, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
  • Identify, track, monitor and report on privacy controls and all applicable Data Privacy requirements. Provide recommendations to stakeholders when appropriate.
  • Responsible for the regulatory training of all employees and contractors.

Your Skills

A compliance-minded leader who has a strong sense of integrity and the ability to balance business interests with the need for compliance standards.

Requirements:

  • Expertise in compliance standards, e.g. ISO27K, SOC1/2, SSAE 16, NIST CSF and PCI DSS.
  • Strong understanding of data privacy regulations, e.g. CCPA, GDPR, HIPAA, PIPEDA, UK DPA and Privacy Shield.
  • Strong understanding and experience in enabling GRC solutions and common control framework for data regulations.
  • Certification(s) Preferred: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), CISA, CISM.
  • 5+ years of experience in Information Security and/or Data Privacy Compliance positions.
  • Bachelor’s degree in the IT/Technology or legal field.
  • Ability to work independently in a fast-paced environment and handle multiple complex & confidential tasks.
  • Excellent communication, interpersonal skills, attention to detail and deadlines.
  • Excellent project management and process improvement skills.

Bonus:

  • Knowledge of the NIST, COBIT and SABSA standards is an asset
  • Past experience in a GRC/privacy-based role for a SaaS company is an asset
  • Experience with WAF, Application or Content Delivery Networks is an asset
  • Knowledge of Business Continuity Planning is an advantage

The Position

This is a full-time, remote role for candidates located in the United States, Canada or Europe.

Great Benefits

Wherever you are located, we put our employees and their families first by offering top of the line health and wellness coverage.

Growth

Being on the cutting edge of technology, employees have great opportunities to upskill and learn a vast array of technologies. Our goal is to promote your professional development and help you progress along one of our multiple career paths.

Job Code

ENG-JF-GRC-1
