Senior Director, GRC & Privacy

San Francisco, California   |   Full Time

The Director of GRC & Privacy will be responsible for establishing the framework, articulating the strategy, and leading the development of the organization's Governance, Risk Management, and Compliance controls ecosystem to meet Board, Senior Management, and regulatory expectations, in conjunction with other teams. The director is responsible for the establishment, operationalization, and continuous improvement of global governance, risk management, compliance, and privacy. As the Director, GRC and Privacy, you will provide leadership to a growing global team. The role carries a great deal of responsibility, including but not limited to the following:

About GRC & Privacy team:

The GRC and Privacy team is responsible for managing the organization's overall governance, enterprise risk management, compliance, and adherence to data privacy regulations. The objective of the GRC and Privacy team is to enable a structured approach that aligns IT with business objectives while effectively managing risk and meeting compliance and data privacy requirements.

Responsibilities include:

  • Develop and lead the strategic roadmap of the GRC & Privacy function.

  • Implement, review, and assess the enterprise risk framework by conducting periodic risk assessments.

  • Reduce risk and improve control effectiveness, privacy, and compliance through an integrated, unified approach that reduces the ill effects of organizational silos and redundancies.

  • Provide assurance over compliance with the standards and regulations Chargebee needs to follow, for example SOC, PCI, ISO 27001, SOX, and NIST, as well as GDPR, CCPA, and other applicable data privacy laws.

  • Maintain a strong awareness of legislative changes or amendments to ensure ongoing and future compliance.

  • Build a strategic and comprehensive privacy program that defines, develops, maintains, and implements policies and processes that enable consistent, effective privacy practices.

  • Work with GTM functions, legal counsel, and other related parties to represent the organization's information privacy interests with external parties (state or local government bodies) that undertake to adopt or amend privacy legislation, regulation, or standards.

  • Conduct related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.

  • Develop a communication strategy for verbal and written communications to the three lines of defense to raise awareness of the overall program, ensure engagement, and report progress against the plan.

  • Improve Chargebee's external GRC and Privacy posture by delighting customers and driving privacy as a competitive edge for Chargebee.

  • Drive the people and technology budgets and demonstrate their value.

  • Deliver key metrics to leadership on behalf of the GRC and Privacy function.

Requirements:

  • 12+ years of information security experience with 4+ years of GRC leadership experience

  • Hands-on experience in implementing GRC programs

  • Thorough knowledge of strategy, governance, risk management, and compliance concepts

  • Working knowledge of compliance frameworks (CIS, NIST, OWASP, PCI)

  • Ability to analyze complex sets of data and requirements and present them clearly and concisely

  • Experience working with COSO and COBIT frameworks and their role in Enterprise Risk Management

  • Demonstrated ability to create and successfully execute a strategic privacy and compliance roadmap

  • Experience securing various cloud architectures and deployment strategies such as Software-as-a-Service, Infrastructure-as-a-Service (AWS), and Platform-as-a-Service

  • Experience working with technology environments, including information security, encryption methods, and privacy-based solutions

  • Knowledge and understanding of relevant legal and regulatory requirements, including PCI-DSS, SOC, HIPAA, and GDPR

  • Experience working with third-party vendors and providing product requirements for privacy and GRC compliance

  • Strong documentation skills and a culture of process adherence

  • Practical experience in leading internal and external compliance audits

  • Excellent written and verbal communication skills

Chargebee might be the opportunity you're looking for:

  • If you're interested in how subscription businesses can get more efficient.
  • If you're hungry to give and receive feedback, fully understanding that challenging perspectives are the only way that you can grow.
  • If you can bring empathy to problem solving.

If this sounds interesting but you're not sure you'll tick all the boxes, apply anyway! There's tons of room to grow at Chargebee.

Let’s talk

Apply with your résumé to get the conversation started.
