Governance, Risk and Compliance Manager

Business Innovation & Technology | Long Beach, California


Laserfiche is looking for a dynamic and driven individual to manage the corporate Governance, Risk and Compliance (GRC) function, which is part of the Business Innovation and Technology organization. The GRC Manager will have an opportunity to impact the company’s growth and work on fast-paced, high-profile projects. 

Laserfiche is the leading global provider of intelligent content management and business process automation. The Laserfiche® platform enables organizations in more than 80 countries to transform into digital businesses. Customers in every industry—including government, education, financial services and manufacturing—use Laserfiche® to boost productivity, scale their business and deliver digital-first customer experiences.

Responsibilities Include:

  • Manage the corporate GRC program that includes the ongoing assessment and continuous monitoring of the Laserfiche internal control environment
  • Perform risk assessments, including third-party vendor assessments, and manage risk remediation activities
  • Manage the SOC 2, regulatory compliance and certification programs (e.g., ISO 27001, ISO 9001, FedRAMP)
  • Manage the business continuity management (BCM) program, including performing a business impact analysis (BIA), developing and testing business continuity plans (BCP), coordinating with ITS on disaster recovery planning and updating crisis management plans (CMP)
  • Collaborate with cross-functional teams (e.g., Legal, ITS, Development, Laserfiche Consulting, Marketing) to document, implement and manage IT and data privacy controls
  • Coordinate third party audits including written responses to RFPs on IT security, controls, data privacy and compliance
  • Serve as a subject matter expert on internal controls and security, and collaborate with Product Strategy and Development on product enhancements, features and security capabilities
  • Assist with special projects as needed for the Business Innovation and Technology organization

What You'll Need:
  • Bachelor’s degree (BA) in management information systems, IT auditing, cybersecurity or related degree program
  • Minimum of 3-5 years of experience in IT auditing or security
  • Experience with third party attestations and IT controls documentation
  • Experience with industry regulations (e.g., HIPAA, PCI, GLBA) and leading frameworks such as AICPA Trust Services Criteria, COBIT, NIST standards (e.g., SP 800-30, SP 800-37, SP 800-53, SP 800-171) and ISO 27001
  • Certification in IT auditing, IT risk and/or security (e.g., CISA, CISSP, CRISC, CISM) is required
  • Ability to organize and prioritize projects in a fast-paced environment with minimal supervision
  • Excellent written and verbal communication skills
  • Preference for working in a collaborative, cross-team capacity, with the ability to independently analyze information and solve problems


Laserfiche complies with all Equal Opportunity and Affirmative Action regulations. Laserfiche makes all employment decisions – such as recruiting, hiring, training, promotion, compensation, professional development practices, discipline and termination – without regard to race, religion, color, national origin, ancestry, citizenship, sex, pregnancy, age, creed, physical or mental disability, medical condition, genetic characteristic, marital status, veteran status, gender identity/expression, sexual orientation or any other characteristic protected by law, except as may be permitted by law.