Director, GRC

At Olo we operate a digital food ordering platform used by many of the country’s largest restaurant chains, reaching millions of consumers, and we take great pride in the reliability, security, and performance of our systems and services. We are looking for a talented governance, risk, and compliance leader to lead and evolve our technology related internal controls and related practices in a second line function. The Director, GRC will oversee compliance with technology-related internal controls, industry leading practices, regulatory requirements (including PCI-DSS), and play a crucial role in interacting with other internal teams and external partners, auditors, and customers. 
You will report to the CISO and can work remotely from anywhere in the U.S. or at Olo’s headquarters in NYC.

What You'll Do

• Monitor and mature GRC practices, including developing metrics and KPIs to identify areas for improvement and optimization
• Report regularly to the CISO, GRC Committee, and other senior management on the effectiveness of GRC, including key risks and compliance with policy and controls, and escalating issues as appropriate
• Oversee a unified control framework, including monitoring of controls to ensure alignment with various leading practice control frameworks, such as PCI-DSS, NIST CSF, CIS, COSO, and ISO.
• Educate and coach internal stakeholders on policies, controls, related practices, and general security awareness
• Serve as a key stakeholder to Product & Engineering and other teams to ensure processes and controls are designed and implemented appropriately
• Facilitate and coordinate internal and external audits, and control reviews including PCI-DSS audits and SOC control assessments
• Use experience and data gained during audits, control reviews, and incident investigations to improve technology related controls and practices
• Consult with Legal on privacy-related initiatives
• Oversee third party and vendor technology risk management practices, including Vendor Assessments in collaboration with other teams
• Participate in other technology related risk management practices, including Risk Assessments and Business Continuity Planning, as needed
• Develop and oversee a customer trust program, establishing a feedback loop in collaboration with other teams
• Deeply collaborate across Olo with Product & Engineering, Legal, People & Culture, Finance, and GTM teams, as well as external partners, auditors and customers

What We'll Expect From You

• 7+ years of Information Technology experience with a focus on Security, Privacy, Risk, and Compliance
• CISSP, CIPP, CIPM or similar certification preferred
• Deep understanding of security, privacy, control, cybersecurity incident response, disaster recovery, and business continuity concepts and related standards
• Familiarity with DevSecOps, Secure Development, and Cloud best practices
• Proven experience delivering PCI-DSS, SOC 2 Type 1 and Type 2, ISO 27001, NIST 800-53 and SOX 404 gap assessments and audits, and compliance with privacy regulations like CCPA and GDPR
• Proven experience creating and/or supporting:
Policy Management Privacy, such as Privacy by Design and Data Subject Access Requests Disaster Recovery and Business Continuity Planning Risk Management, including Risk Assessments Vendor Management, including Vendor Assessments Partner Management, including Partner Assessments Customer Trust, including Questionnaire Response GRC metrics
• Adept at working with internal Product & Engineering, Legal, People & Culture, Finance and GTM teams, and external partners, auditors and customers
• Ability to work during critical incidents or to support coverage requirements
• Legally able to work in the U.S.

About Olo
Olo is the engine of hospitality powering the restaurant industry's digital transformation. As a leading open SaaS platform, we enable over 600 restaurant brands to jointly reach 85 million connected guests across approximately 78,000 locations. More than two million orders per day run on Olo's platform, allowing brands to maximize the convergence of digital and brick-and-mortar operations while raising the bar on hospitality. The result: brands do more with less and make every guest feel like a regular. With integrations to over 300 technology partners, our customers can build digital experiences with the largest and most flexible restaurant commerce ecosystem on the market. You have likely used Olo and not even known it! Learn more at olo.com.
We’re remote-friendly. Since 2015, we have been evolving our culture to continue to support a more distributed workforce and now over 75% of our team works remotely across the U.S. If you're in the New York City area, you can choose to work remotely or from Olo's headquarters, located in Tribeca.
We offer great benefits, such as 20 days of paid time off, 10 separate sick days, 11 holidays, plus year-end closure, health, dental, and vision coverage for yourself and your family, a 401k match, remote-office stipend, company equity, a generous parental leave plan, volunteer time off, gift matching policy, and more!
Our best estimate of the compensation range for this opportunity is $176,827-$253,516 annually, depending on the experience you bring and your location. We look forward to discussing your salary expectations and our full total rewards offerings throughout the interview process.
We encourage you to apply!
We value diversity. At Olo, we know a diverse and inclusive team makes our workplace better. Don't meet every single qualification in the job description? Market data shows that women and people of color are less likely to apply to jobs unless they meet every single qualification. We are dedicated to building a diverse, inclusive, and authentic workplace that is free from discrimination and harassment; this allows us to make better decisions and better serve the communities we’re a part of. So if you're excited about this role but your previous experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
All applicants receive consideration for employment. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, pregnancy, age, marital status, veteran status, or disability status. 
California Residents: CCPA notice