GRC Lead | Remote
Sorry, this job was removed at 4:22 a.m. (PST) on Tuesday, June 29, 2021

We’re thrilled to announce Handshake’s $80M Series E funding round. From the start, we’ve made it our mission to break down barriers and create equitable access to great jobs. We’re expanding our mission to build a platform students love, that helps early talent of all backgrounds receive access to opportunities – no matter who they know or where they go to school. 

Handshake is the number one site for college students to find a job. Today, the Handshake community includes 18 million students and young alumni at over 1,000 colleges and universities. We connect up-and-coming talent across all 50 states with nearly 500,000 employers recruiting on Handshake — from every Fortune 500 company to thousands of small businesses, nonprofits, startups, and more. Handshake is democratizing opportunity and ensuring college students have the support they need to find a great job and kick off a meaningful career.

Everyone is welcome at Handshake. We know diverse teams build better products and we are committed to creating an inclusive culture built on a foundation of respect for all individuals. We strongly encourage candidates from non-traditional backgrounds, historically marginalized or underrepresented groups to apply.

If you are not sure that you’re 100% qualified, but up for the challenge – we want you to apply. We believe skills are transferable and passion for our mission goes a long way.

Want to learn more about what it's like to work at Handshake? Check out these interviews from our team members!

Your Impact:

Handshake is hiring a GRC (governance, risk management, and compliance) Lead. In this role you will collaborate with business and technology stakeholders to identify privacy risk, assess the security controls around privacy data, and address privacy compliance requirements. You will also be responsible for policy and compliance documentation; for ensuring that requirements and controls are correctly and promptly identified, mapped, tracked, and reported for the organization; for aiding compliance efforts related to regulatory, legal, and security frameworks; and for working closely with other members of the Security Team and IT Infrastructure Teams.

The position will report directly to the Head of Information Security, and be a member of our Security team, resident under Handshake’s CTO organization.

Your Role:

  • Conduct data protection impact assessments (DPIAs); identify and evaluate the Company’s data processing activities
  • Develop, implement, and maintain a data privacy program in accordance with GDPR and other relevant international data protection regulations
  • Facilitate Privacy by Design by working with key business stakeholders, and collaborate with various departments to identify root causes and assist in the development of solutions
  • Provide data privacy support to clients, including tracking and reviewing Privacy Impact Assessments (PIAs) and completing security and privacy questionnaires in response to client inquiries
  • Manage the Enterprise Risk Management program: scheduling and facilitating enterprise, regulation compliance and product/service risk assessments, tracking aggregate enterprise risk and trends, and reporting risk assessment results to management and relevant committees
  • Resolve compliance and privacy requests from external or prospective customers that are regulated under CCPA, GDPR and other privacy regulations
  • Support Marketing and Sales teams’ privacy compliance regarding their outreach activities and public-facing materials
  • Appropriately assess risk when evaluating gaps and issues identified.
  • Perform security and compliance checks on new vendors as part of the onboarding process.
  • Manage the audit process, from coordinating the annual risk assessment, coordinating the Request for Proposal process for selecting new audit firms, gathering request list items, interfacing with auditors, and scheduling audit meetings, to preparing audit remediation reports.
  • Generate executive reports of audit findings and recommendations
  • Identify opportunities and provide actionable recommendations to enhance the security assessment process, such as updating and adapting security assessment work programs and questionnaires. Assist in selecting and tailoring security assessment and review approaches, methods, and tools to support security assessment objectives, identified risks, and business unit requirements.
  • Collaborate with Legal on compliance needs that involve legal reviews and recommendations
  • Provide advisory services to business and technology teams concerning security compliance, controls and measurement. Identify areas for improvement and assist in the development of solutions.
  • Assist in developing and administering privacy training and awareness programs for various groups within the company.

Your Experience:

  • 3-7 or more years of experience in a privacy and security compliance role
  • Knowledge of information security/privacy standards and best practices (e.g., NIST, SANS) as well as regulations related to information security and data confidentiality (e.g., MA 201 CMR 17, FERPA, HIPAA, PCI, GDPR, etc.).
  • At least one of the following certifications: Certified Privacy Professional (CPP Preferred), CRISC, Certified Information Systems Auditor (CISA), Certified Information Privacy Management (CIPM), or others with comparable experience.
  • Understanding of data protection and data governance capabilities, such as data classification, data discovery, DLP, masking, encryption and anomaly detection.
  • Basic understanding of systems development life cycle methodologies required.
  • Data privacy, compliance, security, and project management

Bonus Areas of Expertise:

  • Experience in legal operations

Benefits:

  • Stock: Ownership in a fast-growing company.
  • 401k: We care about your ability to save for your future.
  • Family Focus: Parental leave and flexibility for families.
  • Time Off: Flexible vacation policy to encourage people to rest and recharge.
  • Healthcare: World-class medical, dental, and vision policies.
  • Goodies: Whatever hardware and software you need to get the job done.
  • Team Fun: Regularly scheduled events, movie nights, and book clubs. 
  • Learning: Learning & Development stipend for you to grow your skills and career.
  • Great team: Working with driven, fun, and kind people who are committed to making a difference!
  • ...And much more!

We value diversity of all kinds, and are committed to building a diverse and inclusive workplace where we learn from each other. We are an equal opportunity employer and welcome people of all different backgrounds, experiences, abilities and perspectives.

Interested in what Handshake’s San Francisco HQ is like when we’re together? Check out this video: Just browsing or not ready to apply? Keep in touch with us!


Location

We're located right in the center of everything in the financial district of downtown San Francisco. We're just 1 block from Montgomery St Bart!
