Manager, Security GRC
Marigold helps brands foster customer relationships through the science and art of connection. Marigold Relationship Marketing is a suite of world-class martech solutions that help marketers create long-term customer love and loyalty. Marigold provides the most comprehensive set of use cases for marketers at any level. Headquartered in Nashville, Tennessee, Marigold has offices globally across the United States, Europe, Australia, New Zealand, South America and Central America, as well as in Japan.
At Marigold we are committed to accommodating the email marketing needs of growing companies, which is the philosophy behind our continuous additions of innovative marketing technologies. We have an opportunity for a Manager of Governance, Risk, and Compliance (“GRC”) to join our global Security GRC Team, helping Marigold to realize its mission by addressing key security and compliance challenges in our global Security Program, and to build trust with customers and prospects.
We are looking for a talented and motivated individual who wants to take the next step in their information security career, with formal management responsibilities and a desire to improve on the status quo. The ideal candidate will have excellent communication skills, a working knowledge of current information security compliance frameworks, and experience in designing and assessing information security controls across a broad range of domains, including, but not limited to, asset management, third-party security, and logical access. Successful candidates have led and managed external audits.
You will join the team as a “player-coach” whose primary focus is supporting Marigold’s global GRC program through the management and execution of security assurance and compliance activities, including ISO 27001, SOC 2, and other compliance audits. You will also provide technical security advisory support to our sales and support teams when they handle requests for information from Marigold’s customers and prospects, with additional opportunities in related formal programs for vendor risk management, internal audit, and IT risk management.
This role will report to the VP of Security / Chief Information Security Officer.
Drive, manage, and improve ongoing external audit activities (SOC 1, SOC 2, ISO 27001)
Participate as a member of the Information Security Management team to drive improvements in team direction and capabilities.
Lead and develop a growing GRC team.
Plan, manage and execute technology and security assurance activities (user access reviews, process and technical assessments)
Respond to customer security questionnaires
Participate in customer / prospect security meetings
Participate as a member of the Information Security team to ensure all the latest security capabilities and features are accurately represented to customers and prospects
Influence change across other teams to improve the organizational security posture
Represent the Information Security team through interactions with other internal business teams (Product, Engineering, Finance, Sales, Client Support, etc.)
Develop expertise on Marigold’s products and services from a security lens
3+ years of equivalent experience
Direct experience leading external audit responses (e.g. SOC 2 Type 2, ISO 27001, etc.)
Direct experience with IT risk management activities, e.g. participating in risk assessments, business impact analyses, etc.
Demonstrated strong verbal communication and presentation skills; this role must communicate effectively across a wide range of stakeholders
Working knowledge gained from direct experience in the following areas:
External audit response (SOC, ISO 27001)
Security questionnaire formats, e.g. SIG, CAIQ, etc.
IT risk management activities, e.g. participating in risk assessments, business impact analyses, etc.
Working knowledge of the following Information Security related areas:
Concepts including, but not limited to, security policy management and governance, data and transmission encryption, network and endpoint security, identity management and user access principles.
Technologies including, but not limited to, firewalls and WAFs, encryption, remote access systems, and MFA
Working knowledge of privacy legislation and requirements such as GDPR and CCPA
Direct experience mapping questionnaires to industry standard controls
Direct experience working with questionnaire library products, e.g. Loopio, Whistic, etc.
Direct experience with external audit within a SaaS organization / environment
Industry-relevant certifications ((ISC)², ISACA)
Functional understanding of privacy legislation and requirements such as GDPR and CCPA
Degree qualified in a related IT discipline
Competitive salary and benefits, including medical/dental/vision, life and accident insurance, and 401(k)
Unlimited PTO (we call it Open Time Away) and a generous paid holiday schedule
Flexible work hours
Training budget to ensure you are always learning and growing