Director of Governance, Risk and Compliance (GRC)
- Remote - United States, Canada, Europe
- Full-Time
HAProxy Technologies is the company behind HAProxy, the world’s fastest and most widely used software load balancer. Organizations rapidly deploy HAProxy products to deliver websites and applications with the utmost performance, observability and security at any scale and in any environment. HAProxy Technologies is headquartered in Newton, MA, with multiple offices across the US and Europe.
The GRC Director’s primary role will be to establish best-in-class Security, Risk & Privacy programs and policies that will safeguard the company and its partners.
Develop, enhance and operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations.
Perform activities to monitor and assess the security, risk and privacy controls on an ongoing basis. Work closely with the operational departments (Legal, Engineering, Sales, Support, Operations, …) to develop and monitor policies and standards in compliance with applicable privacy policy & regulations.
Collaborate with key stakeholders to review projects, business critical systems and related data to ensure compliance with data privacy laws, and if necessary, perform and advise on privacy impact assessments.
Complete ownership and responsibility to answer privacy questionnaires and client required privacy information. Coordinate, conduct and act as primary contact for all internal and external audits (privacy, security & compliance).
Lead the development and ongoing management of privacy programs across the company in all locations / jurisdictions.
Implement measures and a governance framework to manage data use in compliance with laws and regulations, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
Identify, track, monitor and report on privacy controls and all applicable Data Privacy requirements. Provide recommendations to stakeholders when appropriate.
Responsible for the regulatory training of all employees and contractors.
A compliance-minded leader who has a strong sense of integrity and the ability to balance business interests with the need for compliance standards.
Bachelor’s degree in the IT/Technology or legal field.
5+ years of experience in Information Security and/or Data Privacy Compliance positions.
Expertise in compliance standards, e.g. ISO27K, SOC1/2, SSAE 16, NIST CSF and PCI DSS.
Strong understanding of data privacy regulations, e.g. CCPA, GDPR, HIPAA, PIPEDA, UK DPA and Privacy Shield.
Strong understanding and experience in enabling GRC solutions and common control framework for data regulations.
Certification(s) Preferred: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), CISA, CISM.
Excellent project management and process improvement skills.
Ability to work independently in a fast-paced environment and handle multiple complex & confidential tasks.
Excellent communication, interpersonal skills and attention to details & deadlines.
Bonus:
Knowledge of the NIST, COBIT and SABSA standards is an asset.
Past experience in a GRC/privacy-based role for a SaaS company is an asset.
Experience with WAF, Application or Content Delivery Networks is an asset.
Knowledge of Business Continuity Planning is an advantage.
We’re a unique collection of talented and passionate people with a shared vision of simplifying the complexity of modern application architectures. In order to meet our ambitious goals, we need to scale our governance, risk and compliance team to accommodate our growing product lines and customer requirements. Under the direction of the VP of Operations, the Director of Governance, Risk and Compliance (GRC) will be responsible for developing, implementing, and operating the Company’s Information Security, Risk & Privacy Program in accordance with all applicable laws, rules and regulatory requirements. We are looking for talented and passionate individuals who have that Whatever It Takes attitude.
This is a full-time, remote role for candidates located in the United States, Canada or Europe.
Wherever you are located, we put our employees and their families first by offering top of the line health and wellness coverage.
Being on the cutting edge of technology, employees have great opportunities to upskill and learn a vast array of technologies. Our goal is to promote your professional development and help you progress along one of our multiple career paths.