Director, Information Security Governance, Risk & Compliance
Director, Information Security Governance, Risk & Compliance
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Teamwork makes the stream work.
Roku is changing how the world watches TV
Roku is the #1 TV streaming platform in the U.S. Canada and Mexico and weve set our sights on powering every television in the world. Roku pioneered streaming to the TV. Our mission is to be the TV streaming platform that connects the entire TV ecosystem. We connect consumers to the content they love enable content publishers to build and monetize large audiences and provide advertisers unique capabilities to engage consumers.
From your first day at Roku youll make a valuable - and valued - contribution. Were a fast-growing public company where no one is a bystander. We offer you the opportunity to delight millions of TV streamers around the world while gaining meaningful experience across a variety of disciplines.
About the Team
The Trust Engineering Team builds platforms used by all cloud engineers at Roku. Together these components are designed to be a cost-effective and secure platform of services Roku engineers use globally. The Trust GRC team owns the following segments:
- Privacy
- Customer Trust
- Cyber Security Training
- Policy
- Vendor Management
- Compliance with PCI SOX and GDPR
- Risk Registry
Our team members are smart collegial collaborative and focused on building the best-in-class platform. We foster a culture of experimentation looking for the best idea to take the day. As a leader on this team our Director Development Operations models this behaviour: If were not trying new things were not growing. And we need to grow and adapt so that Roku stays on top.
About The Role
The goal of GRC is to align IT Development and Operations with business goals while managing risks and meeting regulations. Assisting the organizations in avoiding poor and delayed decision making about cyber security risks.
What You Will Be Doing
As Director GRC you will lead Trusts GRC organization. This role involves responsibilities in the following key areas:
- Develop and implement security policies standards and guidelines
- Manage a team of GRC leaders
- Communicate security concerns and exposures
- Work with business and IT to deliver security solutions
- Identify and prioritize business risks
- Collaborate with stakeholders to implement security controls
- Maintain a risk repository
- Monitor compliance with laws and regulations
- SOX
- PCI
- GDPR / Privacy
- Develop strategies to improve governance practices
- Manage vendor security and risk assessments
- Manage corporate cybersecurity training
- Conduct annual tabletop exercises
Were Excited If You Have
Leadership Skills
- Expertise within a strategic engineering leadership role setting vision and leading teams of 15 people with excellent experience in leading and evolving managers.
- You enjoy building a world-class team attracting inspiring and retaining top talent. You will continue our build-out of a world class team of GRC analysist and engineers by attracting and hiring high quality talent across US UK and India. We are expanding in India so part of your time in this role will involve working closely with rest of engineering in supporting a development centre in India and attracting the best talent there
You have excellent soft skills and can effectively communicate and drive alignment with a diverse set of people ranging from developers to Roku executives
- Demonstrated ability to engage senior leadership and drive strategic outcomes
- Demonstrated ability to work with internal users as customers
- You enjoy the challenge of building internal platforms cross-team collaboration influencing the direction of the work and substantively contributing to system architecture
- Work with senior management and align roadmaps communication strategy and evolution of platform based on their feedback and users of our platform
- You are self-driven and enjoy taking complete ownership of initiatives
Business Skills
- Strong business acumen to quickly learn new business processes and understand how application performance requirements support the business in achieving revenue and profit goals
- Excellent collaboration skills must be eager to work as part of a cohesive team and work as a partner to other teams within Roku locally and globally
- Exceptional communication skills including the ability to gather relevant data and information actively listen dialogue freely verbalize ideas effectively negotiate tense situations successfully and manage and resolve conflict
- Proven presentation and facilitation skills
- Must excel working in team-oriented roles that rely on ability to collaborate with others
Technical Skills
- Experience within Cloud providers like AWS GCP and data canters
- Strong architectural abilities towards building a holistic experience
- Experience with Vendor Risk tools like SecurityScorecard UpGuard CyberGRX or OneTrust
- Experience with AI to automate security processes
- Expertise leading cyber security or technology teams.
- Expertise of documenting and implementing security policies standards and/or controls.
- Prior experience leading GRC efforts / program.
- Expert understanding of security best practices including NIST CSF NIST 800-53 ISO27001 and PCI DSS. Previous experience working with one of these frameworks.
- Knowledge of global regulatory standards and experience conducting assessments on SOX PCI GDPR
- Knowledge pertaining to global geographic data residency regimes
- Expert level of Information Security policy development and process creation
- Demonstrated ability to apply organizational information security policies
- Comfortable with interfacing with other internal or external organizations regarding security policy and standards violations security controls failure and incident response situations.
- Strong experience developing methods and procedures for risk analysis and mitigation to include Vulnerability Management (VM)
- IT Audit internal Audit and/or risk advisory experience is a plus
- Experience in managing cyber security training programs
- Experience in developing and conducting tabletop exercises
- Bachelors in Computer Science or equivalent work experience
- Ability to demonstrate security experience via certifications or significant career accomplishments.
#LI-AM3
Benefits
Roku is committed to offering a diverse range of benefits as part of our compensation package to support our employees and their families. Our comprehensive benefits include global access to mental health and financial wellness support and resources. Local benefits include statutory and voluntary benefits which may include healthcare (medical dental and vision) life accident disability commuter and retirement options (401(k)/pension). Our employees can take time off work for vacation and other personal reasons to balance their evolving work and life needs. Its important to note that not every benefit is available in all locations or for every role. For details specific to your location please consult with your recruiter.
The Roku Culture
Roku is a great place for people who want to work in a fast-paced environment where everyone is focused on the companys success rather than their own. We try to surround ourselves with people who are great at their jobs who are easy to work with and who keep their egos in check. We appreciate a sense of humor. We believe a fewer number of very talented folks can do more for less cost than a larger number of less talented teams. Were independent thinkers with big ideas who act boldly move fast and accomplish extraordinary things through collaboration and short at Roku youll be part of a company thats changing how the world watches TV.
We have a unique culture that we are proud of. We think of ourselves primarily as problem-solvers which itself is a two-part idea. We come up with the solution but the solution isnt real until it is built and delivered to the customer. That penchant for action gives us a pragmatic approach to innovation one that has served us well since 2002.
To learn more about Roku our global footprint and how weve grown visit providing your information you acknowledge that you want Roku to contact you about job roles that you have read Rokus Applicant Privacy Notice and understand that Roku will use your information as described in that notice. If you do not wish to receive any communications from Roku regarding this role or similar roles in the future you may unsubscribe here at any time.
Required Experience:
Director
Employment Type
Full Time
