Director, IT Risk and Compliance
About The Opportunity
Here at Grubhub we’ve been dedicated to giving diners the most convenient way to order food from their favorite restaurants (whether that’s a late night Chalupa from Taco Bell or a salad for lunch from a local restaurant the day after they enjoyed said late night Chalupa).
While we are food-obsessed, we are also customer-obsessed. We look to constantly innovate our technology so our diners’ food experience is memorable, restaurant owners get more business and individuals across the country looking for part-time work can deliver the food from the restaurant to the diner flawlessly. We take great pride in knowing that we are a part of 21.2+ million diners’ food ordering experience and we are partnered with 150,000 restaurants in 2,700 US cities across our suite of apps (Grubhub, LevelUp, Seamless, Tapingo, Eat24).
Want to be a part of the biggest movement in the US that is moving eating forward? If so, we want to talk to you - and hear what your favorite restaurant for food delivery is!
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Grubhub information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: Director, IT Risk and Compliance will assist in supporting Grubhub’s compliance-related responsibilities. This individual will help document security processes and procedures, ensure current and future compliance obligations are met, assist in identifying and following up on information security risks, manage our third-party risk management program, and create metrics for reporting compliance status to senior management.
Some Challenges You’ll Tackle
- Assist in supporting Grubhub’s current and future compliance-related responsibilities (SOX, SOC2, PCI-DSS, customer audits, etc.)
- Monitor and enforce compliance with information security and compliance policies and standards
- Manage 3rd party risk management program
- Document and manage security/compliance exceptions where necessary
- Assist with documenting and regularly reviewing security policies, processes, and procedures
- Respond to customer requests and conduct relevant contract reviews
- Collect and analyze security metrics related to risk and compliance for presentation to senior management
- Assist with creating, publishing, presenting and maintaining security and compliance educational/training material
- Liaise with third party audit personnel as required
You Should Have
- 8+ years’ experience in risk and compliance or I.T. auditor role
- Certification CISA or CISN preferred
- Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR etc.)
- Experience with IT audits and risk assessments
- Ability to lead and mentor a small team
- Mentorship including development and career planning for your team members
- Familiarity with security frameworks (NIST CSF preferred) and general security concepts
- Strong organizational skills and the ability to multitask and switch priorities with short notice
- Strong business analysis, research, and analytical skills
- Excellent communication skills
And Of Course, Perks!
- Flexible PTO. It’s true, no strings attached and all the time you need to recharge.
- Better Benefits. Get quality insurance, flex spending accounts, retirement options, and commuter perks.
- Free Food. Kitchens are stocked and free Grubhub each week.
- Stock Up. All of our employees are owners, in fact, they’re granted Restricted Stock Units, which means we’re all in it to win it.
- Casual Culture. Catch rays on the rooftop or get comfy on a couch and get to know your coworkers — because work should be a place you want to be.
Grubhub is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. The EEO is the Law poster is available here: DOL Poster. If you are applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an e-mail to [email protected] and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.