Senior GRC Specialist

Ping Identity

Ping Identity

Operations
Burlington, MA, USA
Posted on Dec 15, 2021

At Ping Identity, we're changing the way people think about enterprise security technology. With our innovative Identity Defined Security platform, we're helping to build a borderless world where people have total freedom to work wherever and however they want. Without friction. Without fear.

We call this digital freedom. And it's not just something we provide our customers. It's something that drives our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it.

We're headquartered in Denver, Colorado, and we have offices and employees around the globe. And we serve the largest, most demanding enterprises worldwide, including over half of the Fortune 100. Because even in the most complex enterprise environments, security shouldn't be a source of anxiety. It should be one of your greatest competitive advantages.

As a specialist working in Ping's Denver office, you will develop an overall understanding and solid foundation in Information Security Governance, Risk and Compliance. You will work with essential players, performing and improving the current control environment, promoting security awareness and monitoring metrics to measure control effectiveness and other projects based on specialized plans. You will resolve security and process control problems along with analyzing several applications and networking software. You will also support answering any control environment or regulatory questions for Ping. You will help maintain standards and documentation. You will report to Ping's Manager of Security Governance, Risk, and Compliance.

This position is open to all experience levels from Associate through Senior Level.

You will:

  • Provide subject matter technical expertise on areas of security, privacy and regulatory compliance to support Ping Identity's interactions with customers while promoting assurance of Ping Identity's security and privacy program.
  • Promote awareness of security and control issues among management and ensure sound principles are reflected in our vision and goals.
  • Provide input to the company risk management process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and training materials).
  • Complete security due diligence questionnaires for customers and prospects.
  • Create external and customer-facing technical security and privacy compliance materials.
  • Work with important players to determine compliance with regulatory and compliance requirements.
  • Manage our audit of services and solutions and maintain adherence to compliance and regulatory frameworks, such as ISO 27001, SOC2, GDPR and CCPA.