As entrepreneurs ourselves, we understand the unique challenges startups face managing their rollercoaster growth. We’ve lived it. We know that even well-funded teams can lack the bandwidth to recruit, train, and integrate the operations staff needed to meet growing demand. And that even when the right employees are in place, many companies lack the crucial mid-management layer needed to drive employee performance and process improvements. Hugo was created with the high-growth startup in mind. We custom build or augment existing operations teams for companies in scaling mode, leaving founders and senior management to focus on what matters most: growth.
Key Responsibilities
WHAT YOU'LL BE DOING
- Lead the quarterly ISMS management review and reporting on the organization's technology risks.
- Collaborate with enterprise risk management function and lead IT risk management review meetings.
- Define a strategic roadmap and plan to deliver on the IT-GRC function objectives.
- Develop and maintain IT policies, standards and frameworks aligned with industry best practices (e.g., ISO 27001, NIST, COBIT etc.)
- Develop and implement an IT compliance management and monitoring framework, overseeing the organization’s compliance efforts based on industry standards (e.g., ISO27001, PCI-DSS, SOC 2, HITRUST).
- Monitor, and report on the organization’s legal and regulatory compliance obligations, including those related to legislation (e.g., GDPR, NDPR, Cybercrime Act, NDPA).
- Develop and implement an IT risk management framework to identify, assess, manage, and mitigate risks.
- Perform general Risk Control Self-Assessment for the department covering people, process, technology, and suppliers, assigning risk severity scores and tracking mitigation plans.
Must-Have Qualifications/Experience
WHAT QUALIFICATIONS YOU’LL NEED
- Hands-on, Individual contributor with strong communication (written and verbal) skills and the ability to work in a business partnering capacity whilst maintaining essential independence.
- Demonstrated track record of influencing stakeholders from different backgrounds and functions to drive risk-aware business outcomes.
- Demonstrated experience preparing and presenting risk reports to an executive and/or business leaders.
- An ability to lead strategically, with a commercial focus.
Preferred Background
- 10 years experience in a Governance, Risk and Compliance role, with at least 3 years interacting with business leaders and executive leadership team.
- IT-GRC background with expert level knowledge of industry practices, IT processes, compliance frameworks and standards (e.g., COBIT, NIST, PCI-DSS, ITIL, SOC2, Hitrust, ISO 27001 etc.)
- CISA, CRISC, CGEIT, or other relevant industry security-focused certifications preferred.
Method of Application
Signup to view application details.
Signup Now
