Staff Risk and Policy Engineer
| Company | Procore Technologies |
|---|---|
| Location | Austin, TX, USA |
| Salary | $Not Provided – $Not Provided |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Expert or higher |
Requirements
- 10+ years experience in a variety of technical and GRC management roles
- The following certifications are required: CISSP plus CISM or CISA or CRISC
- 4-year college degree
- Experience in creating impactful enterprise-wide risk programs
- Strong policy development skills, grounded in an appreciation for the impact of both well-crafted and poorly constructed policy
- Capability to create and drive program objectives
- Experience working with FedRAMP, SOC 2, ISO 27001
- Excellent writing and speaking skills
- Evidence of lifelong learning
Responsibilities
- Develop and report on technical KRIs
- Continuously enhance our risk register with new data and emerging risks
- Continuously communicate risks to stakeholders, tailoring messaging for different organizational levels
- Update our cyber policies to reflect organizational changes and drive maturity
- Spearhead and manage enterprise-wide communications about policy contents and changes
- Manage Cyber Risk Findings and & Policy Exceptions end-to-end
- Continuously uplevel the Risk and Policy programs in scope and efficiency
Preferred Qualifications
- Nice to have: CCSP