About the role
At WeaveGrid, we are working to accelerate the electrification of transportation and the decarbonization of the electric grid. Ensuring the safety, security and trust of our users and partners is paramount.
As the Cybersecurity and Compliance Program Manager, you will lead the definition, implementation, and monitoring of information security and risk management controls, and compliance with applicable frameworks. This role is highly cross-functional and partners with teams across the company, including Engineering, Product, Legal, People Operations and external consultants.
- Establish and manage security, privacy, and compliance programs and projects end-to-end, from design phase to project closure
  - Including Information Security, Vulnerability Management, Vendor Risk Management, Incident Response, and Business Continuity
- Develop and drive project timelines, roadmaps and milestones for multiple projects
- Communicate program updates, progress and timelines to stakeholders and upper management on a regular basis
- Own achieving compliance with upcoming information security and privacy requirements: those mandated by law, contracts, and the strategic roadmap
- Work with Legal, People Operations, Product, Engineering, and vendors to ensure adherence to existing commitments
- Manage audits and certification programs (including SOC 2)
- Manage relevant GRC, IT, and cloud security tooling to support programs
- Manage external vendors and consultants as needed
- Support the Business Development team in answering security questionnaires and contract requirements from prospective and current clients
You’re excited to solve hard problems in a rapidly scaling environment. You’re excited about supporting a world with 100% clean transportation, while maintaining high grid reliability. While you may not have experience working directly with utilities or electric vehicles, you understand that they require rigorous information security infrastructure and practices that need to be communicated to several stakeholders within WeaveGrid.
You understand that this is an industry where trust is paramount, and that your role will be critical in building and maintaining the trust our partners have in us now. You want to grow and leverage WeaveGrid’s positive reputation in our industry by ensuring that we deliver not only a secure platform, but also a supporting organization that is prepared for contingencies. You enjoy working in a fast-paced environment at a high-growth company, while demonstrating a high degree of empathy for clients and team members across departments.
To meet the needs of this role, you will bring:
- Eagerness to take initiative and independently manage complexity in a rapidly growing company and industry
- Significant domain expertise in several of the following frameworks: NIST CSF, CIS, OWASP, SOC 2, CCPA, ISO-27001, NERC CIP, NIST 800-53
- Experience with at least two of the following areas: policy administration, GRC tooling administration, security questionnaires, requirements gathering and communication to stakeholders
- Flexibility and willingness to take on a variety of tasks in response to immediate needs, while maintaining attention to detail
- Excellent written and interpersonal communication skills across various functional areas
- Comfort with remote collaboration tools. Travel required, when appropriate in accordance with health guidelines
- 3+ years of successful technical program management for a SaaS product
- 3+ years of experience working in cybersecurity or compliance for a SaaS product
- Preference for experience in data-intensive Enterprise SaaS and/or multi-sided platforms
- Well versed in relevant business operations and IT tooling: Okta, Google Workspace, Microsoft 365, Slack, Jira, etc.
- BA/BS, or equivalent experience, in a technical field