This role can be fully remote in Spain, or based out of our Barcelona or Madrid offices with flexible in-office options.
Responsibilities
Support the adoption of a central control framework that translates to our environment
Support the centralization of compliance data (evidence, processes, policies, etc.) to help compliance teams improve their audit response time and create consistent responses across the team
Execute processes that manage high volumes of control performance data and report on them in an effective and accurate manner
Collaborate with compliance team leads on executing roadmaps for future GRC programs
Complete the initial gap assessment for compliance scope additions to understand overlap with the existing framework and communicate requirements and estimated workloads to compliance leads
Support operational activities such as control performance assessment via NIST CSF Maturity assessment and monitoring of effectiveness of the GRC Programs
Support the GRC functions to help drive through ad-hoc deliverables as required
Develop, review, and update documentation for MongoDB’s cloud customers
Assist in building dashboards and presentations for various audiences (executive, business unit, ops, etc.)
Support assessment activities as required to maintain compliance or to have the system evaluated by third-party auditors
Work within ticketing flows to ensure various projects remain on target
Interface with and lead projects involving external auditors related to scheduling, drafting relevant communications and communicating metrics
Help schedule and track gaps and remediations related to periodic internal audits
Track internal Governance, Risk and Compliance actions, as well as present team roadmaps and timelines
Help track schedules and identify any obstacles that may impact milestones and key delivery dates
Arrange meetings
Draft meeting agendas based on the meeting's goals
Draft presentations and communications around compliance program metrics
Take meeting minutes and actions and follow up on their completion
Qualifications
Bachelor's degree or equivalent practical experience
Working knowledge of cloud controls and environments
Experience with cloud security and major compliance standards such as ISO 27001, SOC 2, PCI, NIST CSF
Experience with internal governance, risk, and compliance functions
Experience with policies, procedures, and governance frameworks in a highly regulated industry
Practical experience performing gap analysis, maturity assessments, and risk assessments
Experience managing projects or workstreams at the enterprise level
Experience implementing compliance technology and associated tools
Ability to engage organizational levels simultaneously, leading to solutions/sustainable programs
Knowledge of compliance and regulatory processes, including aligning policies to regulatory and business requirements
Excellent attention to detail and organizational skills
Practical understanding of cloud security compliance, risk management and information security principles
Strong presentation building and communication skills
Strong analytical, diagnostic, and critical thinking skills
Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences
Preferred Qualifications
Experience with obtaining the Esquema Nacional de Seguridad (ENS) certification, ISO 20000, or ISO 22301
Experience working with Jira
Project management experience including:
process, metrics and dashboard reporting
drafting communications
drafting meeting minutes
rollout of information security training and awareness program
project management support and reporting
A good understanding of audit process, methodology, standards and terminology -- CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor or Implementer certifications welcome but not required
The ability to work in a fast-paced tech environment, managing multiple large-scale projects simultaneously
A good understanding of Cloud Environments, Linux and Windows systems