Job Information
Vertafore Sr. Information Security Analyst (Governance, Risk, Compliance, ISO 27001, cloud security and cybersecurity) in IN, United States
JOB DESCRIPTION
This role is part of Vertafore’s Information Risk Management program and will be responsible for assessing, managing, and mitigating risks related to V4’s information assets and business processes. This role involves conducting risk assessments, developing risk management strategies, and ensuring compliance with regulatory requirements, industry standards, and client-related obligations. This individual will play a pivotal role in ensuring that Vertafore’s operations, products, and services are compliant with industry standards while helping to mitigate risks and support governance initiatives.
Core Requirements and Responsibilities:
Essential job functions include, but are not limited to, the following:
· Perform risk assessments and conduct security audits across departments to ensure compliance with regulatory and industry standards.
· Maintain and enhance cybersecurity metrics to ensure that KPIs and KRIs are used to make informed risk decisions.
· Collaborate with internal teams (product, legal, IT, and development) to develop, implement, and maintain Formstack’s security policies, controls, and procedures.
· Assist in the preparation and facilitation of external audits and certifications (e.g., SOC 2 audits, ISO 27001 certification processes).
· Assist in the maintenance and enhancement of Vertafore’s risk management framework, including the identification, assessment, and mitigation of operational, legal, and regulatory risks.
· Provide guidance on governance initiatives and best practices to help improve organizational alignment with compliance and risk management standards. Assist with Information Risk Management projects to help improve organizational alignment with compliance and risk management standards.
Knowledge, Skills, and Abilities:
· Hungry to learn and grow in a fast-growing technology company
· Clear communication skills, with the ability to tailor messaging to the intended audience
· Can carry out specific tasks and execute plans while providing constructive feedback
· Ability to maintain a positive attitude in a dynamically changing environment
· Requires minimal management attention—self-managed and can work in a fluid environment
· Must be an inquisitive and quick learner with attention to detail
Qualifications:
· 5+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, ideally within a SaaS, technology, or healthcare-related environment. Strong knowledge of industry standards and frameworks, including NIST 800-53, SOC 2, or ISO 27001.
· Demonstrated experience conducting risk assessments, security audits, and managing compliance projects.
· Hands-on experience with cloud security and compliance in environments like AWS. Strong understanding of all aspects of cybersecurity including, but not limited to, application security, endpoint security, network security, identity and access management, and zero trust.
· Bachelor’s degree in a relevant field (e.g., Information Security, IT, Business, Law, Engineering) (Preferred)
· Certifications such as CISA, CRISC, CGRC, CRMA, CISM, or CISSP (Preferred)