Team

Our Security Assurance department is in the business of trust, transparency, and advisory. We aim to prove to others and ourselves that we are trustworthy and do what we say. We deliver on this by aligning missions across four core programs: Supply Chain Risk Management, Privacy Operations, Security GRC, and Customer Trust & Security. In addition, we have a team of intelligent, dedicated, and highly collaborative SMEs responsible for building and maintaining well-defined solutions that help grow our business.

To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company.

Role

The Senior Security GRC Manager will collaborate with teams across the company to understand, contextualize, design, implement, and report on our global security, risk, compliance and technology requirements for security. Ideally, you would be familiar with operating in a cloud-native, remote product organization.

This is a people manager role reporting to the Director of Security Assurance.

Skills

A successful candidate in this role would be able to:

Develop, build, and roll out information, cyber, open source and cloud security governance frameworks.

Lead a security governance structure that drives effective decision-making across the Grafana leadership team.

Establish a cadence for security program reviews, support existing accreditations and identify strategic maturity opportunities for compliance.

Implement a mechanism for quantifiable risk-based security evaluation, prioritization and ownership.

Build partnerships with cross-functional stakeholders who are decision-makers for security initiatives.

Socialize and provide awareness of policies, standards, processes, and controls with relevant stakeholders.

Design a comprehensive Security Risk Management framework aligned with the business and security strategies.

Develop and manage Security GRC reporting metrics and dashboards.

Partner with engineering and operations teams on the business continuity and digital resilience program.

Identify, design, and implement process improvement initiatives to ensure scalability, allowing us to work smart and reduce repetitive tasks for customers and internal teams.

Knowledge

You should know a lot about:

Security governance, risk management and compliance engineering in cloud-native environments (GCP, AWS, Azure, Kubernetes, LogicGate, Secureframe, Jira, ServiceNow GRC).

Information security frameworks and standards (SOC 2, ISO 27001, ISO 27018, ISO 27017, ISO 22301, CISv8, CSA STAR and TISAX).

Securing the workforce of a remote-first organization.

Operationalizing Business Impact Assessments (BIAs) and Business Continuity Management Systems (BCMS).

Translating minimum viable policies into realistic and measurable controls. Read more here: https://grafana.com/blog/2021/12/20/the-values-behind-scaling-cloud-native-security-at-grafana-labs/

You should have some knowledge of the following:

Privacy regulations and frameworks (GDPR, CPRA/CCPA, CSA CoC for GDPR, Privacy Shield, SCCs, ISO 27701).

Corporate IT security operations, technology trends, and current cyber threat landscape.

Working with Solutions Engineers and GTM teams to provide adequate artifacts for customer requirements.

Aptitude

You should be able to demonstrate the following:

Passion for understanding our customers, open source community, products, culture, and business model.

A strong desire to learn in a rapidly growing and dynamic startup environment.

Ability to work closely with end users in a consulting or support capability.

Excellent written and verbal communication skills.

Good interpersonal skills and capabilities to build long-term business relationships.

Education

BS/MS degree in engineering, computer science, or information security, or equivalent experience.

CISSP, CISA, CISM and/or other cloud security solutions certifications are a plus

About Grafana Labs: There are more than 950,000 active installations of Grafana around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a NASA launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps companies including Bloomberg, JPMorgan Chase, and eBay manage their observability strategies with full-stack offerings that can be run fully managed with Grafana Cloud, or self-managed with Grafana Enterprise Stack. The Grafana stack has grown to include four other open source projects, Grafana Loki (for logs), Grafana Tempo (for traces), Grafana Mimir (for metrics), and Grafana OnCall (for on-call management).

Benefits: For more information about the perks and benefits of working at Grafana, please check out our careers page.

A note about covid-19: All Grafanistas who wish to attend in-person events or travel for Grafana Labs must be fully-vaccinated.

Equal Opportunity Employer: At Grafana Labs we're building a company where a diverse mix of talented people want to come, stay, and do their best work. We know that our company runs on the hard work and the dedication of our passionate and creative employees. If you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyways.

We will recruit, train, compensate and promote regardless of race, religion, colour, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity builds a strong organisation and we're working hard to make sure that's the foundation of our organisation as we grow.

For information about how your personal data is used once you've applied to a job, check out our privacy policy.

Summary
Company name: Grafana Labs
Remote job title: Senior Manager, Security GRC
Job tags: ISO 22301, Cloud Native, CISSP