Senior Manager, Risk and Compliance

Business Innovation & Technology | Long Beach & Remote States, United States


Laserfiche is looking for a dynamic and driven individual to manage the corporate Governance, Risk and Compliance (GRC) function, which is part of the Business Innovation and Technology organization. The Senior Manager of Risk and Compliance will be responsible for IT and business risk management, business continuity management, data privacy and regulatory compliance initiatives, vendor risk assessments, industry security certifications and other areas.

The Senior Manager of Risk and Compliance will have an opportunity to impact the company’s growth and work on fast-paced, high-profile projects. If you have excellent communication skills and the drive to get things done, we want to hear from you!

Eligible States for Remote Work: Arizona, California, Florida, Georgia, Hawaii, Maryland, Massachusetts, Minnesota, Nevada, Ohio, Oregon, Texas, Utah, Virginia, Washington, Washington DC, West Virginia and Wisconsin

What You'll Do:

  • Manage the corporate GRC program that includes the ongoing internal audits, assessments and continuous monitoring of the Laserfiche internal control environment
  • Perform risk assessments, including third-party vendor assessments, and manage risk remediation activities
  • Manage the SOC 2, regulatory compliance and certification programs (e.g., ISO 27001, ISO 9001, FedRAMP)
  • Manage the business continuity management (BCM) program, including performing a business impact analysis (BIA), developing and testing business continuity plans (BCP), coordinating with ITS on disaster recovery planning and updating crisis management plans (CMP)
  • Collaborate with cross-functional teams (e.g., Legal, ITS, Development, Laserfiche Consulting, Marketing) to document, implement and manage IT and data privacy controls
  • Coordinate third party audits including written responses to RFPs on IT security, controls, data privacy and compliance
  • Serve as a subject matter expert on internal controls and security, and collaborate with Product Strategy and Development on product enhancements, features and security capabilities
  • Assist with special projects as needed for the Business Innovation and Technology organization

What We're Looking For:
  • Bachelor’s degree (BA) in management information systems, IT auditing, cybersecurity or related degree program
  • Minimum of 3-5 years of experience in IT auditing or security
  • Experience with third party attestations and IT controls documentation
  • Experience with industry regulations (e.g., HIPAA, PCI, GLBA, GDPR, CCPA) and leading frameworks such as AICPA Trust Services Criteria, COBIT, NIST standards (e.g., SP 800-30, SP 800-37, SP 800-53, SP 800-171) and ISO 27001
  • Certification in one IT audit, IT risk, privacy and/or security area (e.g., CISA, CISSP, CRISC, CISM) is required
  • Ability to organize and prioritize projects in a fast-paced environment with minimal supervision
  • Excellent written and verbal communication skills
  • Prefer working in a collaborative, cross-team capacity, but with the ability to independently analyze information and solve problems

What We Offer:
  • Remote work opportunities + hybrid work arrangement
  • Temporary or permanent workplace relocation in states where we have a business presence
  • Paid volunteer days to give back to the community
  • 15 days of paid time off (to start) + 5-day year-end closure + 3 additional 'me' days
  • 9 days of paid public holidays
  • Generous 401(k) employer match contribution
  • Professional development and career growth opportunities
  • Mentorship program participation to inspire the rising leaders of Laserfiche
  • Employee Resource Groups (ERG) and opportunities to contribute to our DEI initiatives
  • Employee Referral Program to gain extra cash

About Us:
Laserfiche is the leading SaaS provider of intelligent content management and business process automation. Customers in 5+ industries use Laserfiche's cloud-first development approach to boost productivity, scale their business and deliver digital-first customer experiences.

Laserfiche employees in offices around the world are committed to the company’s vision of empowering customers and inspiring people to reimagine how technology can transform lives.

Laserfiche complies with all Equal Opportunity and Affirmative Action regulations. Laserfiche makes all employment decisions – such as recruiting, hiring, training, promotion, compensation, professional development practices, discipline and termination – without regard to race, religion, color, national origin, ancestry, citizenship, sex, pregnancy, age, creed, physical or mental disability, medical condition, genetic characteristic, marital status, veteran status, gender identity/expression, sexual orientation or any other characteristic protected by law, except as may be permitted by law.