Security GRC Manager
Job type: Full-time
Hiring from: USA Only
Category: DevOps / Sysadmin
Postman is the world’s leading collaboration platform for API development. Postman's features simplify each step of building an API and streamline collaboration to help create better APIs—faster. More than 13 million developers and 500,000 organizations worldwide use Postman today.
Our customers are doing more and more astounding things with the Postman product every day, and as a result, we are growing rapidly.
Specifically, we’re looking for an experienced GRC leader to build out and scale our governance, risk, compliance, and privacy functions, as well as design and develop the appropriate programs and frameworks to cover Postman’s cyber risk and security assurance obligations. Your mission, should you choose to accept it, will be to lead the operationalization of Postman’s automated governance, risk, and compliance (GRC) programs while also driving efforts to mature and optimize Postman’s security policies, risk management processes, and compliance with standards and regulations such as SOC2, ISO, NIST, GDPR, CCPA, HIPAA, and PCI.
Cybersecurity is essential to what we do at Postman. Postman’s security team is responsible for cybersecurity across the entire organization, from employees to partners to customers. We help Postman design, build, deploy, and maintain secure software to ensure we're protecting every customer’s data and their investment in our products. We also focus on raising security awareness within the company, providing security intelligence and building tools to enable all “Postmanauts” (i.e., everyone who works at Postman) to feel a shared sense of responsibility for security and privacy concerns. Finally, we aim to constantly improve the security posture of our organization by iterating on our tooling and process.
- Develop and manage Postman’s security governance framework and cyber risk program to maintain the company’s compliance obligations
- Manage and mature Postman’s security policy framework, security awareness, vendor risk management, and security assurance programs
- Recruit and manage a lean team of remote cyber risk professionals to simplify processes and relieve operational burdens
- Partner with business and engineering leaders to identify and evaluate risks/controls and make suggestions on mitigation strategies
- Work with key stakeholders to help guide the program and drive prioritization of risks for the company
- Work with cross-functional teams and leadership to drive organizational adoption efforts
- Implement the use of technology to streamline and automate manual controls
- Manage legal, regulatory, and contractual compliance obligations
- Create and manage the company’s vendor risk management program
- Manage security awareness and security assurance programs
- 5-7 years of hands-on cyber risk, governance, and compliance leadership
- Proven experience developing or maturing GRC programs, preferably within a high-growth Cloud/SaaS environment
- Passionate and creative in the use of technology to streamline and automate manual processes
- Experience with—and enthusiasm for—working with global, distributed teams
- Alignment with Postman’s values (you can find them listed on our careers page)
- An innate curiosity about how things work
- Lots of smiles
We offer competitive salary and benefits, and a flexible schedule working with a fun, collaborative team. Enjoy full medical coverage, unlimited PTO, and a monthly lunch stipend. (Yes, seriously. We want you to eat well wherever you’re at.) Plus, our wellness program will help you stay healthy from your location with fitness-related reimbursements. Our frequent and fascinating virtual team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves, and we want you to be part of it. Join us, why dontcha?
This job has a geo-restriction in place: USA Only.