Director, GRC & IT

We’re searching for a senior leader to lead our Security and Compliance programs, and oversee our IT team. Reporting to the Senior Director of Engineering, the Director GRC & IT will have an immediate impact on the company by advancing our existing security and compliance programs and guiding our IT team. The ideal candidate will have demonstrable experience in IT, security and compliance in a growth stage B2B SaaS environment.

Your Impact

The Director GRC & IT will be responsible for leading Aurora’s global information security, data protection, and compliance programs. This role involves ensuring compliance with GDPR, SOC 2, and other relevant regulations and standards. The individual will manage risk, oversee security operations, develop and implement security policies, and ensure that all business processes meet industry standard security, legal and regulatory requirements.

• Develop and implement a comprehensive security and compliance strategy that aligns with Aurora’s business goals. Stay current with industry trends, threats, and technology solutions to proactively manage security risks.
• Drive all compliance initiatives including GDPR, CCPA, SOC2, ISO27001 etc. in close partnership with all departments through all phases of development, planning, execution, and maintenance
• Be the public face of Aurora’s posture on security and compliance to our customers and prospects. Take ownership of driving confidence in our security posture through conversations and security questionnaire responses to unblock revenue opportunities across a global customer base
• Develop and maintain an incident response plan. Lead the response to security incidents, ensuring timely resolution and communication. Conduct post-incident reviews and root cause analyses to prevent recurrence
• Be the thought leader and driver for Aurora Solar’s long-term security and compliance strategy and posture – corporate, cloud, and application
  • Foster a culture of “security in everything we do” across all levels of the organization
  • Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for program improvements
  • Develop and deliver security and compliance training programs for employees at all levels
  • Lead the development and implementation of effective policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation
  • Develop and implement policies and frameworks governing the use of AI within the organization. Monitor and assess AI-related risks and ensure appropriate controls are in place
  • Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for our applications, infrastructure and products
  • Work closely with business and technical leaders on a wide variety of security issues that require an in-depth understanding of infrastructure, cloud based applications and architecture
  • Examine impacts of new technologies on the organization's overall information security
• Work with Aurora’s legal department to ensure that corporate governance practices meet regulatory and legal requirements
• Oversee our IT team and initiatives

What You Bring

• 7+ years of experience leading IT, security, and compliance operations at a growth stage SaaS company
• Strong interpersonal and communication skills with the ability to influence at all levels of the organization
• A successful track record of leading the planning, execution and maintenance phases of complex security and compliance programs such as SOC2. Expertise in designing and implementing corporate and customer security policies
• Exercising sound judgment and common sense when it comes to security and compliance posture to strike the right balance between the spirit and the letter of the compliance framework/law
• Up-to-date knowledge of relevant regulatory frameworks, applicable laws and regulations
• Strong incident response skills, with the ability to lead investigations, coordinate with stakeholders, and implement corrective actions
• Strong project management skills with the ability to handle multiple projects simultaneously and meet deadlines
• Proven experience in managing security operations across multiple regions or countries, understanding global security landscapes and compliance requirements

Nice to Haves

• CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), or equivalent security certifications are not necessary but highly desirable.
• Experience with Vanta or other GRC tooling
• Understanding of Agile development methodologies
• Experience in a fast growth startup environment

What We Offer

• 🏖️Flexible PTO - Take the time when you need it
• 🍼Parental Leave - 16 weeks with 100% base salary + gradual return to work
• 💰WFH Stipend - An initial $675 CAD(Non-engineers) or $1000 CAD (Engineering roles)
• 🏢 Coworking Stipend - $400 CAD / month if you prefer to be at a coworking facility near you
• ☀️Energize Fridays - Company-wide days to log off and recharge
• 📶Connectivity Stipend - Up to $100 CAD / month towards internet or phone
• 🩺Medical, Dental, and Vision - Aurora will cover 100% of premiums for employee-only and dependent coverage of our supplemental medical, dental, and vision plans
• Please take a look at our 2024 Canadian Benefits Booklet for a deeper dive into our offerings