MongoDB Program Manager - Governance Risk Compliance 

Spain, Catalonia, Barcelona 

635047125

This role can be fully remote in Spain, or based out of our Barcelona or Madrid offices with flexible in-office options.

• Support the adoption of a central control framework that translates to our environment
• Support the centralization of compliance data (evidence, processes, policies, etc.) to help compliance teams improve their audit response time and create consistent responses across the team
• Execute processes that manage high volumes of control performance data and report on them in an effective and accurate manner
• Collaborate with compliance team leads on executing roadmaps for future GRC programs
• Complete the initial gap assessment for compliance scope additions to understand overlap with existing framework and communicate requirements and estimated workloads to compliance leads
• Support operational activities such as control performance assessment via NIST CSF Maturity assessment and monitoring of effectiveness of the GRC Programs
• Support the GRC functions to help drive through ad-hoc deliverables as required
• Develop, review, and update documentation for MongoDB’s cloud customers
• Assist in building dashboards and presentations for various audiences (executive, business unit, ops, etc.)
• Support assessment activities as required to maintain compliance or evaluate the system by third party auditors
• Work within ticketing flows to ensure various projects remain on target
• Interface with and lead projects involving external auditors related to scheduling, drafting relevant communications and communicating metrics
• Help schedule and track gaps and remediations related to periodic internal audits
• Track internal Governance, Risk and Compliance actions, as well as present team roadmaps and timelines
• Help track schedules and identify any obstacles that may impact milestones and key delivery dates
• Arrange meetings
• Draft meeting agendas based on meeting's goals
• Draft presentations and communications around compliance program metrics
• Take meeting minutes and actions and follow up on their completion

• Bachelor's degree or equivalent practical experience
• Working knowledge of cloud controls and environments
• Experience with cloud security and major compliance standards such as ISO 27001, SOC 2, PCI, NIST CSF
• Experience with internal governance, risk, and compliance functions
• Experience with policies, procedures, and governance frameworks in a highly regulated industry
• Practical experience performing gap analysis, maturity assessments, and risk assessments
• Experience managing projects or workstreams at the enterprise level
• Experience implementing compliance technology and associated tools
• Ability to engage organizational levels simultaneously, leading to solutions/sustainable programs
• Knowledge of compliance and regulatory processes, including aligning policies to regulatory and business requirements
• Excellent attention to detail and organizational skills
• Practical understanding of cloud security compliance, risk management and information security principles
• Strong presentation building and communication skills
• Strong analytical, diagnostic, and critical thinking skills
• Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences

• Experience with obtaining the Esquema Nacional de Seguridad (ENS) certification, ISO 20000, or ISO 22301
• Experience working with Jira
• Project management experience including:
• process, metrics and dashboard reporting
• drafting communications
• drafting meeting minutes
• rollout of information security training and awareness program
• project management support and reporting
• A good understanding of audit process, methodology, standards and terminology -- CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor or Implementor certifications welcome but not required
• The ability to work in a fast-paced tech environment, managing multiple large scale projects simultaneously
• A good understanding of Cloud Environments, Linux and Windows systems