Our Security GRC team sits within Information Security and plays a critical role in earning and maintaining our customers' trust. We ensure we meet our duty of care to our customers, employees, and partners by creating effective governance for upholding internal security policies, distributing foundational security expertise across every department to create a strong security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. The team and this role partner closely with other security teams, Legal, Sales, HR, and many other teams at Tricentis.
The Director reports to the Chief Information Security Officer and leads a team of professionals to oversee key programs, collaborating with business leaders to reduce business risk and support the Tricentis global growth strategy.
The Director will use collaborative change management tactics that build engagement, establish trust, effective relationships, and ownership, and inspire enthusiasm across the company. This is a strategic leadership role with a strong hands-on component, requiring a mix of strategic forethought, people leadership, and hands-on work.
The Director plays a critical role in corporate M&A processes and in customer and internal incident response, and will also be responsible for building and maintaining a forward-leaning compliance posture, using the global compliance and regulatory landscape as a guide to help design and execute a strategic roadmap. If you hate silos, this is the company for you. This role will assist in building deeper layers of transparency and accountability while ensuring all roles have the visibility needed to drive appropriate planning, allocation, and delivery.
What You'll Do:
- Lead and manage a global team to oversee security governance, risk, compliance, customer trust, and privacy activities, reporting directly to the CISO.
- Directly manage and own the security policies, procedures, and controls, with the goal of maintaining compliance with applicable regulations and beyond.
- Develop and implement a comprehensive information security risk management program, including risk strategy, self-assessment, and analysis programs.
- Foster strong relationships with internal stakeholders, external auditors, and vendors while managing M&A due diligence and training and awareness initiatives.
- Oversee data governance, product certification, and compliance efforts to align with regulatory controls while optimizing engineering velocity.
- Configure and maintain GRC tools for compliance evidence collection, gap identification, and risk management.
- Collaborate with Privacy Counsel on ISO 27701 certification, lead security audits, and refine policies and practices to meet evolving regulatory requirements.
- Support sales and marketing teams with certification roadmaps, compliance reporting, and alignment of initiatives with executive leadership goals.
- Foster continuous partnership with the sales team to maintain trust and transparency with customers, ensuring clear communication of security and compliance efforts while addressing customer concerns and expectations.
- Create and manage a security M&A due diligence plan.
- Use management-by-influence to drive operational changes in a proactive and supportive way that builds unity across corporate divisions.
- Work with the Marketing team to identify the level of effort and ROI for new certifications, while also ensuring that our Compliance & Certification efforts are adequately reflected in Marketing materials.
- Partner with engineering, product management, and customer-facing teams to create effective processes that ensure we meet the needs of our customers in the most optimized and compliant way possible.
Who You Are:
- You are an empathetic leader who seeks to understand each project team member's strengths and constraints.
- You have a willingness to jump in and empower stakeholders to be editors instead of authors.
- You are comfortable at both the strategic and tactical level. You see the big picture and can create an inspirational vision, but you also thrive in leading and executing strategic initiatives of your own.
- You have the ability to work directly with Individual Contributors while also preparing and presenting reporting for Senior Leadership.
- While you are not responsible for the security of the product, you should have a high-level familiarity with standard security concepts as well as standard development frameworks such as Agile, DevOps, DevSecOps, etc.
- You should be comfortable interacting with external stakeholders such as CTOs, CISOs, and VPs of Procurement.
- You will assist in streamlining our revenue pipeline by responding to, and subsequently automating responses to, our customers' third-party validation activities.
Qualifications:
Experience:
- 10 years of experience in Governance, Risk, and Compliance or a related field, with at least 3-5 years in a leadership or managerial position.
- Extensive experience in managing security policies, procedures, and controls in complex, highly regulated environments.
- Proven track record of leading audit activities, including internal assessments, external compliance audits, and third-party vendor management.
- Experience in developing and implementing risk management programs, incident response strategies, and data governance.
- Strong understanding of industry standards and regulatory frameworks (e.g., GDPR, HIPAA, SOC 2, ISO 27001, ISO 27701, ISO 9001, ISO 42001, DORA, NIST).
- Strong understanding of the Secure Controls Framework (SCF) and experience in implementing, monitoring, and continuously improving security controls to mitigate risks and ensure compliance with industry standards and regulatory requirements.
- Experience in working closely with executive leadership, product teams, legal counsel, and external auditors to ensure alignment with business goals and regulatory compliance.
- Strong communication and leadership skills to influence decision-making and drive operational change across various departments.
Preferred Certifications / Experience:
- GxP / FDA / ICH (leading certification efforts)
- FedRamp / FISMA (leading certification efforts)
- Sarbanes-Oxley Act (SOX) and financial reporting audits
- LogicGate Administration
- Information security or risk management certifications preferred (CISA, CISM, CRISC, CISSP)
- CIPP/E or CIPP/US (or equivalent experience)
- HIPAA & HITECH (leading certification efforts)
Why You'll Love Working at Tricentis:
- We're passionate creators of products, of experiences, and of the future of software testing automation.
- We offer great benefits like flexible working hours, 100% coverage of medical and dental premiums, and company-paid volunteer days.
- We live our values of Customer Success, Continuous Innovation, One Team, Empowerment, and Give Back. Team members truly want the best for each other and the company. People are happy to share their insights and lend help when needed.
- Our commitment to diversity and inclusion runs deep. We actively seek out those with different perspectives and consciously take steps to ensure everyone has a voice. We want to make the best, most innovative products, and we need multiple perspectives to do that. That isn't just lip service; we update our processes if we find a way they can be more inclusive.
- You will have the opportunity to make a real and meaningful impact for more than 1,800 global customers with the best continuous testing platform in the world.
Our Package:
- Flexible working hours (no core time)
- Market-competitive salary and annual performance-based bonus
- Supportive and engaged leadership team
- Career path and professional and personal development
- 401(k) plan and full benefits package available
- Company-paid Disability and Life Insurance
- Hybrid work environment
- Our commitment to diversity and inclusion runs deep. We actively seek out those with different perspectives and consciously take steps to ensure everyone has a voice.
- Company-paid holidays, PTO, and volunteer days
Tricentis is proud to be an equal opportunity workplace. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.
About The Company:
Tricentis is the global leader in enterprise continuous testing, widely credited for reinventing software testing for DevOps, cloud, and enterprise applications. The Tricentis AI-based continuous testing platform provides a new and fundamentally different way to perform software testing: an approach that's totally automated, fully codeless, and intelligently driven by AI. It addresses both agile development and complex enterprise apps, enabling enterprises to accelerate their digital transformation by dramatically increasing software release speed, reducing costs, and improving software quality.
Founded in 2007, Tricentis has been widely recognized as the leader in enterprise test automation by all major industry analysts, including Forrester, IDC, and Gartner's Magic Quadrant five years in a row. Tricentis has global offices throughout AMS / EMEA / APAC, including Austria, Australia, Belgium, Denmark, France, Germany, India, Poland, Singapore, Sweden, Switzerland, The Netherlands, the United Kingdom, and the USA.
Required Experience:
Director