Expoint - all jobs in one place

MongoDB Program Manager - Governance Risk Compliance 
Spain, Catalonia, Barcelona 
635047125

24.06.2024

This role can be fully remote in Spain, or based out of our Barcelona or Madrid offices with flexible in-office options.

Responsibilities
  • Support the adoption of a central control framework that translates to our environment
  • Support the centralization of compliance data (evidence, processes, policies, etc.) to help compliance teams improve their audit response time and create consistent responses across the team
  • Execute processes that manage high volumes of control performance data and report on them in an effective and accurate manner
  • Collaborate with compliance team leads on executing roadmaps for future GRC programs
  • Complete the initial gap assessment for compliance scope additions to understand overlap with existing framework and communicate requirements and estimated workloads to compliance leads
  • Support operational activities such as control performance assessment via NIST CSF Maturity assessment and monitoring of effectiveness of the GRC Programs
  • Support the GRC functions to help drive through ad-hoc deliverables as required
  • Develop, review, and update documentation for MongoDB’s cloud customers
  • Assist in building dashboards and presentations for various audiences (executive, business unit, ops, etc.)
  • Support assessment activities as required to maintain compliance or evaluate the system by third party auditors
  • Work within ticketing flows to ensure various projects remain on target
  • Interface with and lead projects involving external auditors related to scheduling, drafting relevant communications and communicating metrics
  • Help schedule and track gaps and remediations related to periodic internal audits
  • Track internal Governance, Risk and Compliance actions, as well as present team roadmaps and timelines
  • Help track schedules and identify any obstacles that may impact milestones and key delivery dates
  • Arrange meetings
  • Draft meeting agendas based on the meeting's goals
  • Draft presentations and communications around compliance program metrics
  • Take meeting minutes and actions and follow up on their completion
Qualifications
  • Bachelor's degree or equivalent practical experience
  • Working knowledge of cloud controls and environments
  • Experience with cloud security and major compliance standards such as ISO 27001, SOC 2, PCI, NIST CSF
  • Experience with internal governance, risk, and compliance functions
  • Experience with policies, procedures, and governance frameworks in a highly regulated industry
  • Practical experience performing gap analysis, maturity assessments, and risk assessments
  • Experience managing projects or workstreams at the enterprise level
  • Experience implementing compliance technology and associated tools
  • Ability to engage organizational levels simultaneously, leading to solutions/sustainable programs
  • Knowledge of compliance and regulatory processes, including aligning policies to regulatory and business requirements
  • Excellent attention to detail and organizational skills
  • Practical understanding of cloud security compliance, risk management and information security principles
  • Strong presentation building and communication skills
  • Strong analytical, diagnostic, and critical thinking skills
  • Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences
Preferred Qualifications
  • Experience with obtaining the Esquema Nacional de Seguridad (ENS) certification, ISO 20000, or ISO 22301
  • Experience working with Jira
  • Project management experience including:
    • process, metrics and dashboard reporting
    • drafting communications
    • drafting meeting minutes
    • rollout of information security training and awareness program
    • project management support and reporting
  • A good understanding of audit process, methodology, standards and terminology -- CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor or Implementor certifications welcome but not required
  • The ability to work in a fast-paced tech environment, managing multiple large scale projects simultaneously
  • A good understanding of Cloud Environments, Linux and Windows systems