Director, Technology Governance, Risk and Compliance (GRC)
- San Jose, CA
Changing the world through digital experiences is what Adobe's all about. We give everyone-from emerging artists to global brands-everything they need to design and deliver exceptional digital experiences! We're passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen.
We're on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours!
The Director of Technology GRC (Governance, Risk & Compliance) will report to the SVP - Chief Security Officer and leads both strategic and tactical Technology Governance, Risk & Compliance programs across the company. The ideal candidate will "roll up" their sleeves to dig into details around all areas of risk and compliance including evaluating aspects of controls around people, process and technology; identifying risk-based solutions and mitigating system technology control gaps; partnering with business, and other partners to support the company's global growth and expansion. This strategic leadership position will interact directly with internal groups and external customers promoting Adobe's security and compliance standards, policies and procedures. Your prior operating and leadership experience in global, cross-functional and collaborative environments will ensure your success in this dynamic, high-impact position!
What you'll do
- Lead and manage the global Technology GRC group.
- Partner with rest of the Security team to identify strategic technology standard methodologies applicable for Adobe, and lead initiatives to drive awareness, adoption, adherence and automated monitoring of those.
- Lead a team of software composition analysts to identify potential 3rd party IP related liabilities and scan/clean Sour Code repo's on an ongoing basis in partnership with Legal.
- Provide global security compliance Subject Matter Expertise to all business units across Adobe.
- Oversee the execution and adoption of enterprise-wide Common Controls Framework (CCF).
- Ensure successful collaboration and alignment with key business leaders (IT, Security, Engineering, Internal Audit and Legal) for all Technology compliance efforts.
- Execute a continuous compliance monitoring and auditing program with an emphasis on automation.
- Oversee the management of an organization-wide Information Security policy framework and develop a set of enterprise policies and minimum standards in line with business objectives, laws and regulations.
- Oversee the exception management process for Information Security policies.
- Partner with the Vendor Management group to execute an ongoing vendor monitoring program to ensure technology and security risks are managed on an ongoing basis.
- Ensure that controls are adequate based on laws and regulatory expectations and industry standards (e.g. AICPA, ISO, PCI-DSS, SOX, GLBA, HIPPA, NIST etc.)
- Work with cross-company business operations' teams to establish and drive across several time horizons (i.e. weekly, quarterly, annually & and multi-year/strategic-planning)
- Oversee the development of realistic and robust plans to support complex audits and initiatives.
- Design and implement reliable and scalable governance gaps assessments to applicable regulations, and industry practices
- Drive accountability among various business functions and shared services by defining and implementing risk-based metrics.
- Business performance: drive cadence for prep and reviews for quarterly progress towards achievements, including quarterly communication updates, to multiple levels within the organization.
- Build out and executive upon a technology and security risk management strategy with clear roadmap deliverables.
- Lead ongoing remediation activities in relation to audit, compliance, and assessment findings.
- Build and lead a team of FedRAMP SME's to support Adobe's strategic market expansion in the US Fed Gov space.
- Partner with rest of the Security team to identify strategic technology standard methodologies applicable for Adobe, and lead initiatives to drive awareness, adoption, adherence and automated monitoring of those
- Build effective, trusting business relationships across the organization to support Adobe's strategic business direction in alignment with Adobe's Core Values and Capabilities
- Partner with other leaders and functional partners to drive initiatives including alignment of resources to the top priorities in service to the stated vision and strategy
- Model the Adobe Capabilities which include Being Creative, Being Focused and Being a Leader
What is needed to succeed
- 10+ years of shown experience in a compliance and regulatory role within a high-tech software company.
- BA or BS degree in a related field or equivalent practical experience; Engineering, Business, Finance; MBA preferred.
- Ability to build strong partnerships in a matrixed environment.
- Ability to effectively manage across multiple business/functional units and/or multiple programs.
- Excellent communication skills, written, verbal
- Ability to communicate objectives, plans, status and results clearly.
- Extraordinary ability to program manage across complex operations
- Critical thinking skills and able to take sizable problems and break them into small meaningful pieces as well as being able to utilize data to derive insights from metrics
- Track record of identifying and implementing creative solutions.
- Comfort with ambiguity, a can-do attitude and attention to operational details
- Ability to develop relationships and partnerships at all levels of the organization, exhibit strong leadership and influencing skills, and design, implement, and lead change management initiatives
- Ability to learn, grow and take on expanded duties as business needs evolve
- Excellent leadership skills and ability to communicate and influence at all levels and inspire through leadership to develop individuals and teams.
- Superb judgment and integrity, including excellent decision-making skills and a sense of urgency
Specialized Skills Desired:
- Internal and External Auditing
- Cloud Computing and Cloud Security
- PCI Assessment
- Vendor Security Management, Vulnerability Management (scans and penetration testing and Business Continuity Planning
- Experience with regulatory and compliance frameworks (FedRAMP, AICPA, ISO, PCI-DSS, SOX, GDPR, GLBA, HIPPA, NIST, others)
- Security and Compliance certifications (CISSP, CISA, CIA)
- Experience with other security processes (e.g.: Pen Testing, Vulnerability Scanning, Secure Coding, etc.)
Get to know the team
You will partner closely with the CSO and his leadership team. The CSO leads the vision, strategy, and operational direction for enterprise security, as well as communicates the mission of cybersecurity with broader executive leadership. The security of enterprise data is critical to the present and future success of Adobe. The Security team plays a key role in driving the cyber security program to proactively identifying and mitigating threats to the business, devise strategies for response and vulnerability management and maintaining relationships across the business to educate and promote information management practices. The global cross functional team includes direct and indirect teams spread across cloud, security operations, application, data, trust & safety, GRC, accessibility and other areas.
At Adobe, you will be immersed in an exceptional work environment that is recognized around the world. You will also be surrounded by colleagues who are committed to helping each other grow through our unique Check-In approach where ongoing feedback flows freely. If you're looking to make an impact, Adobe's the place for you. Discover what our employees are saying about their career experiences on the Adobe Life blog and explore the meaningful benefits we offer.
Adobe is an equal opportunity employer. We hire hardworking individuals, regardless of gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, or veteran status. We know that when our employees feel appreciated and included, they can be more creative, innovative and successful. This is what it means to be Adobe For All. Learn more about our vision here.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Back to top