GRC Lead
ThoughtSpot
Job Description
As a GRC Lead, you will play a critical role in safeguarding our organization's operations by
ensuring adherence to regulatory requirements, industry standards, and internal policies. You
will be responsible for identifying, assessing, and mitigating risks across various business
functions.
Key Responsibilities:
● Risk Management:
○ Conduct comprehensive risk assessments, including identifying, analyzing, and prioritizing potential risks.
○ Develop and implement risk mitigation strategies and action plans.
○ Monitor and report on key risk indicators (KRIs) and risk appetite.
● Compliance:
○ Ensure compliance with relevant laws, regulations, and industry standards.
○ Conduct regular compliance audits and reviews.
○ Develop and maintain compliance policies, procedures, and standards.
○ Respond to regulatory inquiries and audits.
○ Ensure compliance with control frameworks (e.g., SOC1, SOC2, and ISO27001) through control gap assessments.
○ Manage control compliance activities and periodically report on compliance with IT general controls to sustain compliance with defined control objectives.
● Governance:
○ Support the development and implementation of governance frameworks and policies.
○ Participate in the governance committees and ensure effective decision-making.
○ Monitor and report on key performance indicators (KPIs) related to governance.
● Internal Controls:
○ Design, implement, and maintain effective internal controls.
○ Conduct internal control reviews and assessments.
○ Identify control gaps and recommend corrective actions.
● Reporting and Analysis:
○ Prepare regular reports on GRC activities, including risk assessments, compliance audits, and internal control reviews.
○ Analyze data to identify trends and emerging risks.
○ Provide insights and recommendations to senior management.
Qualifications:
● Bachelor's degree in a relevant field (e.g., finance, accounting, risk management, or information technology).
● Advanced certifications such as CISSP, CRISC, CISA, or ISO27001 Lead Auditor.
● Minimum of 8 years of experience in GRC, risk management, or ITGC compliance.
● Strong understanding of IT general controls for regulatory compliance.
● Experienced in independently coordinating and managing external audits for ISO27001, SOC1, and SOC2.
● Experienced in managing IT compliance control activities and periodically reporting on compliance with IT general controls.
● Strong understanding of regulatory frameworks (e.g., SOX, GDPR, CCPA).
● Intermediate knowledge and understanding of the security of networks, data, and public cloud (e.g., AWS, GCP, and Azure).
● Proficiency in risk assessment methodologies and tools.
● Excellent analytical and problem-solving skills.
● Basic project management skills.
● Ability to work independently and as part of a team.
● Ability to mentor junior team members.
● Ability to collaborate with various departments and teams across the globe.
What makes ThoughtSpot a great place to work?
ThoughtSpot is the experience layer of the modern data stack, leading the industry with our AI-powered analytics and natural language search. We hire people with unique identities, backgrounds, and perspectives—this balance-for-the-better philosophy is key to our success. When paired with our culture of Selfless Excellence and our drive for continuous improvement (2% done), ThoughtSpot cultivates a respectful culture that pushes norms to create world-class products. If you’re excited by the opportunity to work with some of the brightest minds in the business and make your mark on a truly innovative company, we invite you to read more about our mission, and apply to the role that’s right for you.
ThoughtSpot for All
Building a diverse and inclusive team isn't just the right thing to do for our people, it's the right thing to do for our business. We know we can’t solve complex data problems with a single perspective. It takes many voices, experiences, and areas of expertise to deliver the innovative solutions our customers need. At ThoughtSpot, we continually celebrate the diverse communities that individuals cultivate to empower every Spotter to bring their whole authentic self to work. We’re committed to being real and continuously learning when it comes to equality, equity, and creating space for underrepresented groups to thrive. Research shows that in order to apply for a job, women feel they need to meet 100% of the criteria while men usually apply after meeting 60%. Regardless of how you identify, if you believe you can do the job and are a good match, we encourage you to apply.