Senior IS&T Governance Partner

Requirements

• A seasoned GRC / Information Security professional with 6-10+ years of experience across information security, compliance, risk management, and regulatory frameworks in technology-driven environments.
• Deeply experienced in security and compliance standards such as ISO 27001, SOC II, FedRAMP, PCI DSS v4, ISO 42001, and data protection regulations (e.g., GDPR, CCPA), with a strong understanding of how they apply in modern SaaS and AI platforms.
• A trusted advisor who can confidently engage with engineers, product leaders, legal teams, auditors, and enterprise customers, translating complex regulatory requirements into clear, practical actions.
• A hands-on operator who is comfortable moving between strategic governance design and detailed control implementation, audits, and evidence generation.
• A builder of scalable governance who designs processes and controls that enable speed and innovation rather than slow them down.
• A culture carrier who naturally embeds security, privacy, and compliance thinking into everyday decision-making across the organization.
• Analytical and pragmatic, balancing regulatory rigor with business reality to deliver solutions that are both compliant and operationally efficient.
• Resilient under pressure, remaining structured, credible, and decisive in audits, customer security reviews, and high-stakes compliance discussions.
• A continuous learner who stays current on emerging regulations, security standards, and best practices in cloud security, AI governance, and data protection.

Responsibilities

• Act as a core member of the remotely distributed IS&T Governance team, fostering a strong culture of security and compliance awareness across planning, development, and operational activities.
• Ensure that changes in product, development, and operational processes are properly documented, risk-assessed, and reviewed in a timely and structured manner.
• Partner with the Commercial organization by supporting security and compliance questionnaires, contributing to contract and DPA reviews, and participating in customer calls as a trusted subject matter expert.
• Manage and respond to incoming requests related to compliance, information security, and regulatory topics, providing clear, pragmatic, and actionable guidance to internal stakeholders.
• Serve as the internal authority on information security best practices, continuously promoting industry standards and driving their consistent adoption across the organization.
• Lead and support the preparation, execution, and continuous maintenance of security certifications and regulatory frameworks (e.g., ISO 27001, ISO 22301, SOC 2, PCI DSS, HIPAA).
• When new certifications or regulatory frameworks are required, take ownership of understanding the applicable security and legal requirements in close alignment with Legal and the DPO, and translate them into hands-on guidance for engineering, product, and operations teams.
• Drive the practical implementation and adoption of compliance controls by embedding governance and security requirements into daily workflows and technical designs.
• Contribute to the definition and continuous improvement of governance processes, policies, and standards to ensure scalability and long-term audit readiness.
• Support risk assessments, DPIAs, and control design activities for new products, features, and architectural changes.

Benefits

Skills