Senior Specialist, Information Security Governance, Risk, and Compliance

Scout Motors   

Here at Scout Motors, we're carrying forward the heritage of one of the most iconic American vehicles in history. A vehicle dating back to 1960. One that forged the path for future generations of rugged SUVs and will do so once again.

But Scout is more than just a brand, it’s a legacy steeped in a culture of exploration, caretaking, and hard work.

Scout is all about respect.  Respect for the environment by developing electric vehicles with the capability to get you to any location.  Respect for the past and the future by taking an iconic American brand that hasn’t been around for a while, electrifying it, digitizing it, and loading it with American innovation.  Respect for communities by creating a company that stands for its people and its customers.  And respect for both work and play, with vehicles that are equally at home at a camp site, a job site, or on a Tuesday commute. 

At Scout Motors, we empower our talented, inclusive, and entrepreneurial teams to innovate. What makes a Scout? Someone who is a visionary and a leader, who seeks new paths and shares lessons learned. A knowledgeable doer who collaborates across the company to build better. A go-getter with unrivaled passion. 

Join us at Scout Motors and be part of shaping the future of transportation. If you're ready to drive change and make history, apply now!

Scout Motors Inc. (Scout) is hiring an Information Security Governance, Risk, and Compliance Senior Specialist who will be responsible for leading and driving the development and management of various elements of security governance, risk, and compliance, along with customer trust and privacy. This role will need to build functions/programs from scratch with limited oversight or direction to meet the objectives of the Information and Vehicle Security Team. Our ideal candidate for this role will be someone who has multiple years of experience in the GRC, customer trust, and data privacy space and wants to use that experience to build these functions for an exciting EV automotive startup backed by VW Group. Additionally, they need to be analytical, data driven, and forward thinking to ensure the privacy, trust, or GRC functions are built to scale the business. This role will be an individual contributor (IC) role with potential for advancement and people management as the company grows.

Why join us? Our Information Security GRC Team at Scout is helping to build the next generation of electric trucks and rugged SUVs for American drivers. You will be building and then owning security functions within the security organization. You will have the opportunity to engage with stakeholders and control owners across the organization as you work to build out the necessary pieces of GRC, customer trust, privacy, etc. You will provide real impact in moving the ball forward to support Scout’s aggressive growth strategy and vision.

What you’ll do

  • Manage the development, annual review, and off-cycle requests for security policies and standards. 
  • Manage the execution of cyber risk assessments for business processes, technology, and products, and drive risk treatment activities with risk owners.
  • Build functions for the engagement of privacy, trust and GRC programs with customers, employees, and stakeholders to enable “Security-as-a-service” principles and goals. 
  • Assist in the buildout and management of the GRC tooling and associated data to include the GRC platform, TPRM application, Microsoft Purview DLP & Insider Threat, LMS, etc. 
  • Manage external audits by the VW Group and certification bodies through the audit lifecycle. 
  • Direct internal security IT audits to include evidence lifecycle management, control walkthrough scheduling and execution, and the documentation and management of control corrective action plans. 
  • Own and manage the development of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001/27701/21434, TISAX, GDPR, CPRA, NIST CSF, etc.).
  • Work with engineering teams to drive the implementation of security requirements and controls across colocation infrastructure, multiple cloud environments (Azure/AWS), and dozens of third-party SaaS solutions. 
  • Make recommendations to management regarding programs, processes, etc. to streamline and improve the way Scout executes its security objectives and goals.  
  • Provide support and mentor other members on the team, sharing insights, knowledge, and experience. 
  • Engage in team-building events, community engagement, team off-sites, peer-review & performance review cycles and activities.
  • Take ownership for assigned tasks, document actions and status, and report during team stand-ups.

Location & Travel Expectations: The responsibilities of this role require attendance at in-person meetings and events regularly. This role can be based out of a Scout Motors location in Columbia, South Carolina; Novi, Michigan; or St. Louis, Missouri. Applicants should expect that the role will require the ability to convene with Scout colleagues in person and travel to participate in events on behalf of the company from time to time.

What you’ll bring 

We expect all Scouts to have integrity, curiosity, resourcefulness, and strive to exhibit a positive attitude, as well as a growth mindset. You’ll be comfortable with change and flexible in a fast-paced, high-growth environment. You’ll take a collaborative approach to achieve ambitious goals. Here's what else you'll bring: 

  • Bachelor’s degree in computer science, Information Systems Management, Cybersecurity, Information Assurance or related field or equivalent relevant experience. 
  • 8+ years of technical professional experience in IT audit, IT risk management, or security governance. 
  • Extensive experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc.). 
  • Strong understanding and experience in security risk management activities (risk analysis, risk assessments, risk reporting, treatment etc.). 
  • Experience across multiple security domains (access management, change management, security operations, etc.). 
  • Strong knowledge of multiple industry accepted information security frameworks (e.g. SOX ITGCs, AICPA TSC [SOC 2], TISAX, ISO 27001, GDPR, CCPA, NIST CSF, etc.). 
  • Experience with public cloud hosting providers (AWS, Azure, and/or GCP). 
  • Experience building out GRC functions within third-party tooling platforms (RSA Archer, Standard Fusion, ServiceNow, Hyperproof, etc.). 
  • Strong working knowledge of Microsoft Office and Google Workspace. 
  • Exposure to working with 3rd parties on contract/engagement work (e.g. writing RFPs, getting quotes, writing business cases, reviewing SOWs, working with internal procurement teams, etc.). 
  • Possess one or more industry accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPPP, etc.). 
  • Experience providing training and guidance to junior team members and company users. 
  • Strong communication and critical thinking skills, attention to detail, and experience collaborating cross-functionally with stakeholders.

What you'll gain

The benefits of joining Scout include the chance to build products and a company from the ground up. This is a chance to create something new and lasting – with an iconic brand at its foundation. In addition, Scout provides competitive compensation and benefits to support your physical, mental, and financial wellbeing. Program specifics are detailed in company policies and employee benefit guides. Select highlights:

  • Competitive insurance including:
    • Medical, dental, vision and income protection plans
  • 401(k) program with:
    • An employer match and immediate vesting
  • Generous Paid Time Off including:
    • 20 days planned PTO, as accrued
    • 40 hours of unplanned PTO and 14 company or floating holidays, annually
    • Up to 16 weeks of paid parental leave for biological and adoptive parents of all genders
    • Paid leave for circumstances related to bereavement, jury duty, voting time, or military leave

Pay Transparency

This is a full-time, exempt position eligible to receive a base salary and to participate in an annual performance bonus program. Final salary offered will be determined based on factors including but not limited to the candidate's skills and experience. The annual performance bonus program is preset and not candidate dependent.

Initial base salary range = $140,000-$160,000

Internal leveling code: IC8

Notice to applicants:

  • Residing in San Francisco: Pursuant to the San Francisco Fair Chance Ordinance, Scout Motors will consider for employment qualified applicants with arrest and conviction records. 
  • Residing in Los Angeles: Scout Motors will consider for employment qualified applicants with criminal histories in a manner consistent with the Los Angeles Fair Chance Initiative for Hiring Ordinance. 
  • Residing in New York City: This role is not eligible for remote work in New York City.

Equal Opportunity

Scout is committed to employing a diverse workforce and is proud to be an Equal Opportunity Employer. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, disability, pregnancy, or any other characteristics protected by law. Scout is committed to compliance with all applicable fair employment practice laws.
