Director, GRC
New York City or Remote
Olo
Olo enables 600+ restaurant brands to scale online ordering and delivery, make data-driven business decisions, and personalize the guest experience.You will report to the CISO and can work remotely from anywhere in the U.S. or at Olo’s headquarters in NYC.
What You'll Do
- Monitor and mature GRC practices, including developing metrics and KPIs to identify areas for improvement and optimization
- Report regularly to the CISO, GRC Committee, and other senior management on the effectiveness of GRC, including key risks and compliance with policy and controls, and escalating issues as appropriate
- Oversee a unified control framework, including monitoring of controls to ensure alignment with various leading practice control frameworks, such as PCI-DSS, NIST CSF, CIS, COSO, and ISO.
- Educate and coach internal stakeholders on policies, controls, related practices, and general security awareness
- Serve as a key stakeholder to Product & Engineering and other teams to ensure processes and controls are designed and implemented appropriately
- Facilitate and coordinate internal and external audits, and control reviews including PCI-DSS audits and SOC control assessments
- Use experience and data gained during audits, control reviews, and incident investigations to improve technology related controls and practices
- Consult with Legal on privacy-related initiatives
- Oversee third party and vendor technology risk management practices, including Vendor Assessments in collaboration with other teams
- Participate in other technology related risk management practices, including Risk Assessments and Business Continuity Planning, as needed
- Develop and oversee a customer trust program, establishing a feedback loop in collaboration with other teams
- Deeply collaborate across Olo with Product & Engineering, Legal, People & Culture, Finance, and GTM teams, as well as external partners, auditors and customers
What We'll Expect From You
- 7+ years of Information Technology experience with a focus on Security, Privacy, Risk, and Compliance
- CISSP, CIPP, CIPM or similar certification preferred
- Deep understanding of security, privacy, control, cybersecurity incident response, disaster recovery, and business continuity concepts and related standards
- Familiarity with DevSecOps, Secure Development, and Cloud best practices
- Proven experience delivering PCI-DSS, SOC 2 Type 1 and Type 2, ISO 27001, NIST 800-53 and SOX 404 gap assessments and audits, and compliance with privacy regulations like CCPA and GDPR
- Proven experience creating and/or supporting: Policy Management Privacy, such as Privacy by Design and Data Subject Access Requests Disaster Recovery and Business Continuity Planning Risk Management, including Risk Assessments Vendor Management, including Vendor Assessments Partner Management, including Partner Assessments Customer Trust, including Questionnaire Response GRC metrics
- Adept at working with internal Product & Engineering, Legal, People & Culture, Finance and GTM teams, and external partners, auditors and customers
- Ability to work during critical incidents or to support coverage requirements
- Legally able to work in the U.S.
Olo is the engine of hospitality powering the restaurant industry's digital transformation. As a leading open SaaS platform, we enable over 600 restaurant brands to jointly reach 85 million connected guests across approximately 78,000 locations. More than two million orders per day run on Olo's platform, allowing brands to maximize the convergence of digital and brick-and-mortar operations while raising the bar on hospitality. The result: brands do more with less and make every guest feel like a regular. With integrations to over 300 technology partners, our customers can build digital experiences with the largest and most flexible restaurant commerce ecosystem on the market. You have likely used Olo and not even known it! Learn more at olo.com.
We’re remote-friendly. Since 2015, we have been evolving our culture to continue to support a more distributed workforce and now over 75% of our team works remotely across the U.S. If you're in the New York City area, you can choose to work remotely or from Olo's headquarters, located in Tribeca.
We offer great benefits, such as 20 days of paid time off, 10 separate sick days, 11 holidays, plus year-end closure, health, dental, and vision coverage for yourself and your family, a 401k match, remote-office stipend, company equity, a generous parental leave plan, volunteer time off, gift matching policy, and more!
Our best estimate of the compensation range for this opportunity is $176,827-$253,516 annually, depending on the experience you bring and your location. We look forward to discussing your salary expectations and our full total rewards offerings throughout the interview process.
We encourage you to apply!
We value diversity. At Olo, we know a diverse and inclusive team makes our workplace better. Don't meet every single qualification in the job description? Market data shows that women and people of color are less likely to apply to jobs unless they meet every single qualification. We are dedicated to building a diverse, inclusive, and authentic workplace that is free from discrimination and harassment; this allows us to make better decisions and better serve the communities we’re a part of. So if you're excited about this role but your previous experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
All applicants receive consideration for employment. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, pregnancy, age, marital status, veteran status, or disability status.
California Residents: CCPA notice
Tags: Audits CCPA CIPP CISO CISSP Cloud Compliance DevSecOps Finance GDPR Governance Incident response ISO 27001 KPIs Monitoring NIST NIST 800-53 Privacy Risk assessment Risk management SaaS SOC SOC 2 SOX Vendor management
Perks/benefits: 401(k) matching Equity Flex hours Flex vacation Health care Home office stipend Parental leave
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open DoD-related jobs