You’ll love it because you will…
- Governance Framework Implementation: Develop and implement information security governance frameworks that align with organizational objectives and compliance requirements.
- Policy and Procedure Management: Draft, review, and update information security policies, procedures, and guidelines to ensure they remain relevant and effective.
- Risk Management: Conduct regular information security risk assessments, identify vulnerabilities, and work with relevant stakeholders to implement mitigation strategies.
- Compliance and Auditing: Ensure the organization's compliance with legal, regulatory, and contractual information security requirements. Prepare for and support internal and external audits.
- Training and Awareness: Develop and deliver information security awareness training programs to employees and stakeholders to foster a security-conscious culture.
- Incident Management: Assist in the development and maintenance of the information security incident response plan. Participate in incident response activities and post-incident analyses.
- Stakeholder Engagement: Collaborate with IT, legal, and business units to ensure information security governance initiatives are understood and supported across the organization.
- Continuous Improvement: Monitor emerging security threats, technologies, and governance practices for continuous improvement of the information security governance framework.
- Act as a thought partner, independently identify opportunities for process improvement, and effectively manage change
- Solicit feedback and buy-in from internal and external partners
We Require...
- 5+ years of relevant experience with a strong focus on governance, risk management, and compliance (GRC)
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field
- Strong knowledge of Information Security and Privacy Frameworks such as ISO 27001/27002, NIST, and GDPR
- Robust knowledge of risk assessment methodologies, information security audits, and compliance assessments
- Proven success in implementing an information security program
- A highly detail-oriented individual
- Leveraging expertise to develop holistic business solutions
- The means to identify and handle ambiguity in complex situations
- Independent prioritization and self-management responsibilities
- Prior experience working cross-functionally
- Ability to simplify complex ideas
- Receptivity to feedback and buy-in from internal and external partners
- A thought partner who can pinpoint opportunities for process improvement while effectively managing change
- A progressive thinker who offers experimental thought leadership
Spanx is proud of our continued Progressive People Practices…
- Company Healthcare Plan: $0.00 out of pocket (Employee only benefit)
Fertility testing and treatment are included in Spanx’s medical plans, even without the diagnosis of infertility.
- Parental Leave Policy: Primary caregiver receives 16 weeks AND will have the option to work a half-time schedule (20 hours per week) for up to four additional weeks with full-time (40 hours per week) pay.
- Mental Health Days: 10 days
- 401K: Matched up to 4% with immediate vesting.
- PTO & Company Holidays: PLUS two full weeks of companywide closures (one in the Spring; one between Christmas and NYE)
- Flex Friday: Year-round half day Fridays!
All your information will be kept confidential according to EEO guidelines.