ChannelAdvisor Corporation

Security GRC Specialist

Job Locations: ES-Madrid | ES
ID: 2022-3914
Category: Engineering
Type: Full-Time

Overview

“It all starts with people.”

Inside every company, behind every brand—while business success is often measured in profit, it has always been powered by people.

At ChannelAdvisor we firmly believe people are the heart of any organization—including our own. That’s why a career at ChannelAdvisor provides much more than simply pay and perks. We’re dedicated to empowering people, solving tough problems, and helping careers flourish inside & out.

ChannelAdvisor is looking for a Security GRC Specialist to provide the highest quality of information security solutions to our SaaS customers and our corporate systems.

Reporting to the Director of Information Security, the Security GRC Specialist's primary role will be to ensure our Information Security program is aligned in a way that supports the organization's business goals, that risks are identified and addressed, and that our activities meet the laws and regulations to which we are subject.

Responsibilities

Governance:

  • Create a security governance framework that includes creation and regular update of internal security policies, standards and controls, and applicable regulatory guidelines.
  • Identify and implement continuous improvement activities for Information Security Governance, Risk Management and Compliance
  • Establish and maintain key stakeholder relationships across the company (Engineering, MIS, Internal Audit, Legal, Operations)
  • Work closely with the Information Security Director to grow our internal Security capabilities
  • Company’s Information Security Master Plan development and update
  • Cybersecurity awareness and training
  • Regular Information Security reporting
  • Third-party assurance process management
  • Coordinate internal and external audit activities 
  • Propose additional policies, or changes to existing policies, based on identified gaps

Risk:

  • The Security GRC Specialist will lead the company’s Information Security Risk Management process (risk assessment, evaluation, mitigation, and monitoring)
  • The Security GRC Specialist is a support position for the global CISO to assist with risk assessments, risk mitigations, exceptions, and escalations within the company’s Security Risk Management program
  • Assist in defining the organization's technology risk appetite and create a strategy to deliver a robust Information Security Risk Framework that enables business while mitigating information security risks
  • Will focus on the reporting of Security Risks, preparing Information Security Risk reports and registers, and tracking actions to reduce identified risks
  • Identify existing security measures, assess gaps and residual risks
  • Lead the Vendor Security Risk Management program  

Compliance:

  • Lead the department-wide compliance program, ensuring activities, processes, and procedures meet defined requirements, policies, and regulations.
  • Execute strategy for dealing with the increasing number of audits, compliance checks and external assessment processes from customers and external auditors relating to effective security practices, SOC 2, Data Privacy, SOX, ISO 27001/2, etc.
  • Coordinate with other leaders on our privacy program, and on the relationship with the legal department with regard to privacy practices
  • Help to track and comply with all the cybersecurity local regulatory requirements for ChannelAdvisor’s global clients (including US, EU, AU)
  • Perform other compliance related tasks as assigned by management
  • In collaboration with the legal teams, identify the laws and regulations applicable to ChannelAdvisor
  • Manage, monitor and report on the implementation of regulatory controls
  • Manage the remediation activities from assessments, audit findings and compliance related issues
  • Follow up activities required for compliance in all areas of the company and assist in the completion of these activities
  • Build and maintain a plan for continuous data privacy protection compliance

Qualifications

  • Bachelor’s Degree in Computer Science, Information Security Management or related field (or equivalent experience)
  • 6+ years of experience in security governance, risk, and compliance, or related fields required
  • Proven understanding of best practices regarding security risk and assurance with the application of cybersecurity/IT control frameworks and standards, including but not limited to: SOC 2, ISO27001, NIST CSF, Cloud Security Alliance and GDPR/CCPA
  • In-depth knowledge of internal control concepts (COSO or COBIT frameworks), principles, and techniques
  • Experience in conducting security audits, reviews and security risk assessments, and making recommendations for controls implementation to achieve compliance with applicable regulations
  • Preferred: Proven track record working in a Big 4 with experience in GRC projects for complex and international companies.
  • One or more of the following Information Security certifications: ISC2 (CISSP), ISACA (CISM/CISA), or CompTIA (Security+)
  • Preferred: Privacy certifications: IAPP (CIPP/CIPM), or ISACA (CDPSE)
  • Excellent verbal and written English communication skills, including report writing and technical documentation
  • Must be able to work in a fast-paced environment and manage multiple projects concurrently
  • Experience in project and team management

The ChannelAdvisor Experience

Together We Win

We take a whole-person approach to engage and support our ChannelAdvisor team. We believe the diversity of our global team is an advantage. If you’re curious, innovative, determined, and customer-focused, then you’ll love the challenge and rewards of collaborating as a team to help our customers win. We offer competitive salaries, commission, and short-term incentive programs that recognize your hard work and results. Because when our customers win, we win. And when we win, you win.

Work Where It Works

You’ll have the flexibility to have a working arrangement that works best for you, and serves the needs of our customers and our business. With your manager, you’ll decide on a schedule and work location that sets you up for success. You can choose to work in the office of your assigned location, your home office or both. And if things change, no problem. Just work it out with your manager.

Take Time to Recharge

The ChannelAdvisor team has a passion for going above and beyond. Taking time away to recharge is important so you can bring your best. We offer programs that provide you flexibility and time away. We offer competitive health care and wellness programs, generous paid time off and programs for new parents that help you make work fit into your life — and not the other way around.

Give Back To Our Communities

We care about our communities. Our Day to Give Back provides you one day each year to volunteer in your community for an organization or cause that is important to you, and therefore, important to us too.

We’re Growing, Come Grow With Us

We’re growing. So that means there are opportunities for you to grow too. We work to create an environment where everyone who is committed, works hard, and delivers results can thrive and grow. You can connect with one of our employee resource groups and support our diversity, equity and inclusion task force, network with like-minded ChannelAdvisor team members, and showcase your leadership skills. Our focus on internal career growth is intentional. Our professional development stipend and learning and development offerings help you build the skills and connections you need to move forward in your career. Plus, our Leadership Academy offers in-house management development classes to grow our leaders from within.
