Senior Governance, Risk, Compliance (GRC) Program Manager

 

 

Introduction

Are you searching for an opportunity to play a key role in driving the dramatic growth of a highly successful software company? 

At Poppulo, we’re working on what’s next in communications and workplace technology. As a pioneer in this industry, we understand that meaningfully reaching every employee is hard. And so is managing office space in a hybrid world. And so is improving the customer and guest experience. We exist to make each of these things easier. We exist to bring harmony to our customers. 

And we do that at enterprise scale. Our omnichannel employee communications, customer communications, and workplace experience platform is trusted by over 6,000 organizations today, reaching more than 35M employees and delivering content to 500,000+ digital signs.

We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. We encourage you to apply for a position with Poppulo even if you don’t meet 100% of the requirements. We believe in fostering an environment where there is a diversity of perspectives, in hopes that we can all thrive. 

The Opportunity

 

Poppulo is seeking a Sr. GRC Program Manager to join our security team.

The Senior Governance, Risk, and Compliance (GRC) Program Manager is responsible for providing guidance, executing assessments, collaborating with auditors, managing evidence, analyzing risks, ensuring adherence to processes, and communicating effectively with internal and external stakeholders. The role collaborates within an expanding Cybersecurity team and works closely with internal Poppulo teams to ensure new and continued compliance with cybersecurity frameworks and required programs, along with other related job duties.

The role of the Sr. GRC Program Manager will be to drive the development and maintenance of Poppulo’s Governance, Risk, and Compliance program, including business continuity planning and data, system, and network security controls.

All applicants must be authorized to work in Ireland.

Principal Duties & Responsibilities:

· Drive GRC guidance and interpretation of rules, regulations, risks, and best practices.

· Lead cybersecurity risk assessment and control attestation processes, including ongoing and annual assessments.

· Lead in the development and implementation of organization-wide risk management, including conducting risk assessments and monitoring cyber security risks.

· Work with stakeholders to provide remediation guidance for risks discovered during assessments.

· Collaborate with Internal and External Auditors on security assessments and audits, and support audit execution processes by providing compliance consultation and direction.

· Review control effectiveness evidence; collect, review, and upload evidence for compliance purposes.

· Identify and document emerging and residual risk, perform risk analysis and evaluation, and identify potential areas of risk.

· Directly engage with internal teams to ensure adherence to processes and troubleshoot, identify, analyze, and mitigate GRC-related risks in existing processes, policies, and procedures.

· Execute the information security compliance program, ensuring compliance with regulations, and develop and implement effective policies and practices to secure sensitive data.

· Lead the development and implementation of governance frameworks, policies, and procedures.

· Lead security and GRC guidance and support for internal teams, prepare and communicate operational metrics and trend analysis for IT Leadership, and collaborate with cross-functional teams to align GRC efforts with business objectives.

· Stay up to date on regulatory developments and industry trends.

· Expected to travel up to 5% each year.

· Perform other duties as assigned.

 

Education & Experience:

· Bachelor's degree in Computer Science, Information Systems, or a Cyber Security related field, or equivalent experience.

· 5+ years’ experience in some form of GRC discipline: IS Audit, IT Compliance, Governance, Information Risk, etc.

· Relevant or related certifications (e.g., CISSP, CISM, CISA, CRISC) are preferred.

 

Knowledge, Skills, and Abilities:

Required:

· Strong understanding of cybersecurity principles, risk management frameworks, and compliance standards (e.g., SOX, NIST CSF, ISO 27001, SOC 2, FedRAMP).

· Experience working with internal and external auditors.

· Process expertise in GRC areas is necessary (e.g., risk management, compliance and regulation, controls automation, continuous controls monitoring, and security).

· Understanding of IT environments, risk, and assessment and auditing methodologies.

· Strong working knowledge of some or all of ISO 27001, SSAE16/18, information security standards, GDPR, ITIL, and Cyber Essentials.

· Ability to lead and manage projects across multiple teams or groups (strong planning, organization, and project management skills).

· Intellectual curiosity and analytical skills in areas of high complexity; sound judgment in resolving matters of high complexity.

· Excellent communication and interpersonal skills: oral, written, and listening.

· Ability to work independently and collaboratively in a cross-functional environment.

 

 

Compensation 

Annual base salary gross:  Annual. The base salary range represents the low and high end of the Company's contemplated salary range for this position. Actual salaries will vary and will be based on various factors, such as the candidate’s qualifications, skills, competencies, and geographic location. The salary is one component of the Company's total compensation package for employees. Other rewards and benefits include variable compensation, short-term incentives, health insurance (several options to choose from), accident and life insurance, access to best-in-class learning and development platforms, and flexible work arrangements, to name just a few!

Why Us? 

  • An excellent workplace culture 
  • Competitive salary 
  • Company performance-related bonus
  • Medical insurance 
  • Flexible working hours 
  • In-house soft skills training 

Who We Are

We are a values-driven organization that encourages our employees to bring their authentic selves to work every day and empowers everyone to make a tangible impact on our products, clients, and culture. We offer a dynamic environment with driven, fun, and flexible individuals who thrive on challenge and responsibility. This is an opportunity to contribute to our culture and join a company that’s on the move.

We live the Poppulo values each day, as they are key to everything we do.

  • Bring Your Best Self
    We show up authentically, are self-aware and always strive to be better.
  • See it. Own it. Solve it.
    We proactively innovate and solve for our customers and each other. We set an example with high standards for our work. We foster a culture of learning, acknowledging our successes and our failures.
  • Together We’re Better
    We value and celebrate our diversity. We learn from others, respecting their expertise, and focus on building trust. That's what makes us a team.

Named a Great Place to Work in 2015, 2016, 2017, 2018, 2019, 2020, and 2021, we are a fast-growing global technology company, with offices in Ireland, the US, and the UK.

Poppulo is an equal opportunity employer.

We are committed to protecting your privacy. For details on how we collect, use, and protect your personal information, please refer to our Job Applicant Privacy Policy.

 

 
