Compliance Program Manager (GRC)

  • Full Time
  • Remote
  • Senior Level

Website: Honeycomb.io

What We’re Building
Honeycomb is a service for the near and present future, redefining observability and raising expectations of what our developer tools can do for us! We’re working with well-known companies like Hello Fresh, Slack, LaunchDarkly, Vanguard, and more across a range of industries. This is an exciting time in our trajectory: we’ve closed Series C funding, scaled past the 100-person mark, and been named to Forbes’ America’s Best Startups of 2022! As our Security & Compliance Analyst, you’ll help us build internal compliance & security programs that balance enabling our customers to meet their compliance requirements, managing risks to the company, helping customers get the best experience from our product & services, and helping our Honeycomb team do our jobs safely, efficiently, and securely.

Who We Are
We come for the impact, and stay for the culture! We’re a talented, opinionated, passionate, fiercely inclusive, and responsible group of bees. We have conviction and we strive to live our values every day. We want our people to do what they truly love amongst a team of highly talented (but humble) peers.

How We Work
We are a remote-first company, which means we believe it is not where you sit, but how you deliver that matters most. We invest in our people and care about how you orient to our culture and processes. At the same time we imbue a lot of trust, autonomy, and accountability from Day 1.

What You’ll Do In Role:

  • Work cross-functionally to define and run our major compliance programs, coordinating with stakeholders around the company to implement and manage needed controls.
  • Take point on internal and external audits, including our annual SOC 2 type II audit, interfacing with the external audit team and guiding other team members in audit-related work.
  • Coordinate and perform regular controls tests and recurring reviews, documenting and sharing the results with stakeholders.
  • Evaluate and advise on compliance risks, helping us shape our compliance, security, and engineering strategies and plan future work, including when to adopt new frameworks.
  • Build a framework, shape our future: This is our first specialist GRC hire, and the candidate that joins us will have the opportunity to build out our risk and compliance framework. If you enjoy building something that will last, in collaboration with others, this could be the role for you!

What You’ll Bring:

  • Enjoy a growing startup environment. We’re a smaller company (~125 employees), but we’re growing fast, and we’re constantly weighing what’s good enough for now against where it’s probably time to invest in maturing our processes. A strong candidate would enjoy finding the right trade-offs for our size & stage rather than feeling stressed that we can’t minimize every risk that a larger company might be able to address.
  • Be a strong written and oral communicator. This role will collaborate with many other roles around the company, with varying degrees of compliance, security, and privacy expertise. A great candidate would be able to communicate clearly and easily with team members from a variety of backgrounds and enjoy helping them understand the ins & outs of our compliance programs & goals.
  • Have solid project management skills and experience creating & socializing new processes. A major aspect of this role will be implementing and supervising compliance and security processes and programs, like our SOC 2 program or aspects of our GDPR compliance. Strong project management skills and experience successfully crafting, socializing, and reporting out on new processes will be important to succeeding in the role.
  • Have expertise in common industry-standard frameworks like SOC 2 or ISO 27001. Since you’ll be working with our team to help supervise our SOC 2 program and audit, it’ll be helpful to have an understanding of the SOC 2 trust services criteria or the requirements of similar standards like ISO 27001, as well as the ability to research standards you’re less familiar with.
  • Have experience implementing risk management frameworks such as NIST SP 800-37.
  • Stay up to date on compliance practices for major privacy regulations like GDPR, CCPA, and HIPAA. You’ll work with our G&A team, engineering team, marketing team, and other stakeholders to help us keep our practices in compliance with privacy regulations and meet our customers’ privacy needs, so it will help to have some background on these laws and an interest in keeping your knowledge up to date.
  • Have some knowledge of information security & software engineering practices. You’ll work closely with our information security team, engineering teams, G&A team, and IT support vendors. Having an understanding of IT best practices, physical & information security, automation, compliance processes, web application security, and infrastructure security will help you work with our team to best design controls & processes.
  • (Bonus) Enjoy being a bit of a generalist. Our team is small, and sometimes we help each other out with work not explicitly in our core job domain. If the idea of occasionally helping out with our bug bounty program or coding some automation for a compliance task sounds like an interesting side quest rather than an unwanted distraction, this role might be a good fit for you.
  • Have at least two years of professional experience in a similar or related role. We can hire at a range of levels for this position, but it wouldn’t be a good fit for a new graduate or someone taking on their first GRC, compliance, or security job.

What You Get When You Join The Hive!

  • Base pay (range) of $140,000 to $185,000
  • A stake in our success – generous equity with employee-friendly stock program
  • It’s not about how strong of a negotiator you are – our pay is based on transparent levels relative to experience
  • Compensation benchmarked to San Francisco market – no matter of where you live (or move)!
  • A remote-first mindset and culture (really!)
  • 100% employee coverage for Health, Dental, Vision, Life and Disability insurance
  • Time To Recharge – Unlimited PTO, paid sabbatical, 14 US company holidays in 2022, and one 3-day weekend per month
  • Pick Your Perk – $600 a year to spend on the perks that you care about most
  • Work Life Balance and Flexible Schedule options
  • The tech you need AND a $500 Home Setup Stipend
  • $200 Reimbursement for Cell/Wifi/CoWorking
  • $1500+ Annual Professional Development Allowance
  • Up to 16 weeks of paid parental leave, regardless of path to parenthood
  • Maven Inclusive Family-Building benefit including unlimited virtual appointments, coaches & counselors, and $10K ‘wallet’ to support adoption, surrogacy, IVF, and egg/sperm freezing
  • Semi-annual performance conversations (we call them Review & Rewards conversations) – so you know where you stand, and how you’ll be rewarded for your impact
  • Annual compensation review, benchmarking to industry and inflation changes

Diversity & Accommodations:
We’re building a diverse and inclusive workplace where we learn from each other, and welcome nontraditional candidates and people of all backgrounds, experiences, abilities, and perspectives. You don’t need to be a millennial to join us; all gens are welcome! Further, we (of course) follow federal and state disability laws and are happy to provide reasonable accommodations during the application phase, interview process, and employment. Please email Talent@honeycomb.io to discuss accessible formats or accommodations. As an equal opportunity employer, our hiring process is designed to put you at ease and help you show your best work; if we can do better, we want to know!

To apply for this job please visit jobs.lever.co.