Director, Governance, Risk, Compliance (GRC)
About the Position:
The Compliance Manager will be an integral part of the team responsible for our growing global compliance program. This person should be an agile compliance manager who can quickly ramp up on the security requirements needed to acquire FedRAMP certification, with direct experience working with 3PAOs, policies, and security controls in line with ISO 27002 and NIST 800-53.
This position will help guide many large and complex projects and will work closely across partner teams in Security, Operations, Engineering and Product Management. This person must have the ability to capture and articulate technical regulatory requirements, in a manner that brings clarity and eliminates confusion. The successful candidate has a communicative and collaborative approach to management. You know how to assess risks, and you’re adept at guiding individual teams in striking a healthy balance between their needs and the needs of the larger program. You set a high standard in your own work, and also enjoy helping others with their project challenges. This role will require a mix of business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards and a polished ability to communicate with key stakeholders.
- Analyze, assess and recommend security controls for FedRAMP compliance
- Perform compliance management and oversight of Scrum teams implementing security controls
- Work with auditors, application, infrastructure and other teams to achieve and maintain FedRAMP compliance
- Customer focus and the ability to leverage intuition, customer input and data to rapidly test and validate products and features
- Design the security strategy phases needed to achieve compliance objectives against a deadline, with our ideal state on a collaborative timeline
- Take on in-flight compliance programs including FedRAMP, HIPAA and GDPR efforts, and others as they come online
- Relationship management and leadership of cross-cutting security development projects
- Guide the vision for evidence creation, validation and assessment workflows
- Self-motivated and not afraid to tackle unknowns; demonstrate a strong bias to action
- Strong verbal, presentation and written communication skills, with the ability to communicate appropriately with the intended audience
- Proven track record of handling multiple projects simultaneously
- Participate in the development and oversight of required corrective action plans relating to security compliance issues
- Support business relationships with internal and external security auditors and regulators
- Support the communication of policies, procedures and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls
- Partner with internal teams to ensure successful security programs that align with compliance requirements
- Confidence running large-scale cross-cutting projects requiring parallel efforts from dozens of teams
- The uncanny ability to see dependencies, blockers, gotchas and curveballs before others do, with detailed project planning that accounts for them
- Ability to balance security priorities with compliance needs
- Strong and proven project management skills required
- Experience developing security and compliance reporting
- Understanding of FedRAMP controls and Federal agency security requirements and processes
- Experience in Agile, Lean and/or Scrum methodologies; not afraid to try and develop new processes or methods
- Demonstrated successful leadership skills with the ability to work effectively across various levels
- Clear experience and working knowledge of documentation management and GRC tools is a plus
- Exemplary track record of implementing innovative risk countermeasures and security controls specific to PCI-DSS, SSAE-16 and ISO-27001
- Self-directed and well organized; must be able to work with minimal supervision and meet deadlines across multiple projects
- Experience articulating security posture in a structured form, e.g. via RFP/RFI or questionnaires, preferred
- Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, GCIH, CIPP, CC
About Our Benefits:
- Competitive medical, dental, and vision insurance for you and your family
- 401(k) and pre-tax health care, dependent care and commuter benefits (FSA)
- “No policy” vacation policy
- Commute up the peninsula on the MuleSoft shuttle
- Gym discounts and on-site yoga classes
- Mac or PC
- Fully stocked kitchen, regularly catered lunches, weekly happy hours, family nights
- Annual, all-company weeklong MeetUp trip for collaboration, learning, and inspiration