Info Security GRC Manager, Risk & Compliance
Company: Bill.com
Location: San Jose
Posted on: March 19, 2023
Job Description:
Being a Champion for SMBs is good for business. And a
career-defining opportunity for you.
BILL is a leader in financial automation software for small and
midsize businesses (SMBs). As a champion of SMBs, we are dedicated
to automating the future of finance so businesses can thrive.
Hundreds of thousands of businesses trust BILL solutions to manage
financial workflows, including payables, receivables, and spend and
expense management. With BILL, businesses are connected to a
network of millions of members, so they can pay or get paid faster.
Through our automated solutions, we help SMBs simplify and control
their finances, so they can confidently manage their businesses,
and succeed on their terms.
BILL is a trusted partner of leading U.S. financial institutions,
accounting firms, and accounting software providers. We have
operations in San Jose, CA, Draper, UT, Houston, TX and Sydney, AUS
and are continuing to expand into other geographic locations. If
you're looking for a place that helps you do the best work of your
career, look no further than BILL.
The Infosec GRC Manager will lead Infosec compliance initiatives to
ensure alignment with PCI DSS, HIPAA, NIST, data protection, and
other applicable standards and regulations. The Manager will also
lead the company through the design and management of programs that
focus on the protection, use, and control monitoring of PCI data,
including any necessary certifications or audits.
Make your impact within a rapidly growing Fintech Company
* Assist in the build-out of our common control framework (incl.
SOC, ISO 27001, PCI DSS, and HIPAA) and drive adoption of the
framework within the organization
* Provide PCI guidance to BILL and manage the full PCI program and
assessments
* Contribute to planning, scope development, and project execution
for technology compliance related self-assessments, including
design and operating effectiveness testing reviews and ensure
results are appropriately documented and communicated.
* Collaborate with control owners to validate effectiveness of
security controls and ensure control testability.
* Collaborate with the IT/cybersecurity team members, application
owners, control owners, and stakeholders to achieve buy-in and
successful results.
* Provide guidance for various technology projects, including the
evaluation and recommendation of technical controls
* Support updates to and maintain currency of our control database,
inventorying control ownership, control objectives, and testing
objectives.
* Proactively identify opportunities for control automation
* Work with the team to update IS GRC compliance program
documentation, including flowcharts, narratives, and risk and
control matrices, and re-evaluate control scoping as new systems
are developed or processes change.
* Partner with Legal to support GDPR, CPRA, HIPAA and other global
privacy related compliance initiatives
* Establish key information security metrics and KPIs
We'd love to talk to you if you have
* 8+ years of combined experience in technology risk and compliance
roles, preferably at a technology, SaaS or cloud company and/or as
an auditor at a Big 4 firm
* Deep understanding of and experience achieving/maintaining
compliance with risk management methodologies, frameworks, and
principles (e.g. SOX, COBIT, CSA, ITIL, GDPR, PCI DSS, ISO 27001,
NIST CSF, NIST SP 800-53).
* Possess strong oral and written communication skills along with
refined presentation skills and the ability to work with other
departments and varying levels of management, including senior
leadership.
* Action-oriented with the ability to multi-task and work in agile,
changing and fast growing environments
* Master's Degree in Business, Security, Computer Science, Data, or
Risk
* CISSP, CRISC, CISA, CIPP, CRMA, PMP or similar
license/certification
* Experience implementing Payment Card Industry (PCI) compliance
frameworks and control sets.
Let's talk about benefits
* 100% paid health, dental, and vision plans (choose HMO, PPO, or
HDHP)
* HSA & FSA accounts
* Life Insurance, Long & Short-term disability coverage
* Employee Assistance Program (EAP)
* 11+ observed holidays, wellness days, and flexible time off
* Employee Stock Purchase Program with employee discounts
* Wellness & Fitness initiatives
* Employee recognition and referral programs
* And much more
This role is based in California.
The estimated base salary range for this role is noted below for
our office location in San Jose, CA. Additionally, this role is
eligible to participate in BILL's bonus and equity plan. Our ranges
for each role and job level are based on a variety of factors
including candidate experience, expertise, and geographic location
and may vary from the amounts listed. The role is also
eligible for a competitive benefits package that includes: medical,
dental, vision, life and disability insurance, 401(k) retirement
plan, flexible spending & health savings account, paid holidays,
paid time off, and other company benefits.
San Jose pay range
$145,600-$174,700 USD
We live our culture and values every day
At BILL, we're different by design: it's our culture. Our CEO is a
trusted entrepreneur who lives our cultural values: Humble,
Authentic, Passionate, Accountable, and Fun. People here love being
their authentic selves, contributing unique experiences, sharing
ideas, perspectives, and intellectual curiosity. We celebrate our
diversity as the heart and soul of how we work, grow, and succeed
together. Inspiring people with meaningful career experiences they
love really does make the dream work and our successes just keep
getting better. There's no limit to what we can build and where we
can go from here. We'd love you to join us.
BILL is proudly an Equal Opportunity Employer where everyone is
welcome. Our innovation and technology are inspired by an inclusive
culture unlike any other. Everyone brings a different personal
story and perspective and this diverse mix of minds, backgrounds,
and experiences is where our greatest ideas come from. We welcome
people of all races, ethnicities, ages, religions, abilities,
genders, and sexual orientations to make us an even more vibrant
company. We want everyone to bring their authentic selves here, to
share our values, shape our vision, drive innovation, and become
part of a culture we celebrate every day.
BILL Culture:
* Humble - We check our egos at the door. We are curious. We
listen, accept feedback.
* Authentic - We earn and show trust by being real, embracing our
authentic selves.
* Passionate - We care deeply about each other and our
customers.
* Accountable - We are duty-bound to each other, our customers, and
society.
* Fun - We wrap it all together by building connections and
enjoying time spent together.
Our Applicant Privacy Notice describes how BILL treats the personal
information it receives from applicants.