What your impact will look like:
- Manage the CJIS program, including CJIS policies, procedures, and audits.
- Serve as the CJIS expert, providing guidance for planned product or roadmap changes that may impact the CJIS environment or program
- Perform regular internal CJIS compliance audits and manage the external CJIS audits, including to support customer CJIS programs or FBI audits
- Manage overall compliance and audit program, including TxRAMP, StateRAMP, ISO 27001, SOC 2, PCI, HIPAA, FISMA, and Cyber Essentials
- Lead and manage the security program initiatives, ensuring alignment with Granicus’ security objectives
- Maintain and develop additional audit runbooks, documenting control implementation, evidence requirements, and internal references
- Manage internal and external audits, including scheduling the audits, preparing internal teams for audit discussions, managing evidence requests, and tracking findings or continuous improvement recommendations
- Drive compliance control management program improvements, including common control mapping and template creation
- Collaborate with cross-functional teams for PCI program efficiencies across multiple products
- Lead continuous improvement reviews for response and recovery, including incident response, backups, failover / switchover, disaster recovery, and business continuity
- Manage the Third Party Risk Management program and partner with the Procurement working group
- Manage review and update of CJIS policies and procedures documents
- Support review and update cycles of other information security policies and trainings, along with other security stakeholders
- Manage internal and external customer requests
- Manage and grow the security answer library, customer resources, and internal FAQ
- Maintain and create additional customer security collateral to enable pre and post sales customer resources
- Other duties as assigned

You'll love this job if you have:
- 7+ years in information security, with at least 3 years managing an information security team
- 5+ years managing CJIS compliance programs and audits
- Demonstrated expert level knowledge and experience with CJIS policies, procedures, and compliance requirements
- Experience managing multiple compliance frameworks, such as FedRAMP, other *RAMP programs, FISMA, CJIS, SOC 2 Type II, HIPAA, PCI, ISO 27001, CyberEssentials
- Experience working in a highly regulated environment is a plus (e.g., CJIS, HIPAA, FISMA, government, finance/banking, healthcare, or FedRAMP / DoD IL)
- Proven track record of managing large-scale security programs and initiatives, working with cross-functional teams
- Experience managing third party audits, such as FedRAMP, ISO 27001, and SOC 2 in order to manage audit planning, audit activities, and projects to build out audit runbooks
- Experience working with a robust product set of software and cloud services, including SaaS offerings hosted in AWS, Azure and/or GCP
- Strong understanding of cloud security controls, including network security and data protection controls
- Familiarity with common security technologies, including SIEM, firewalls, IDS/IPS, encryption tools, and endpoint protection
- Excellent leadership and interpersonal skills; strong communication skills, written and verbal
- Experience working with software development and cloud operations teams at a SaaS and software company
- Ability to communicate complex requirements and security concepts to technical and non-technical teams
- Detail-oriented and able to manage multiple projects effectively
- Relevant degrees or security certifications are a plus, such as CISSP, SEC+, CISM, CISA, CDPSE, or equivalent
Job Type
Remote role
Skills required
No particular skills mentioned.
Location
United States (Remote)
Salary
No salary information was found.
Date Posted
April 18, 2025
Granicus is seeking a Manager of Information Security & Compliance with expertise in CJIS to oversee compliance programs and audits. This remote role requires strong leadership in cybersecurity and compliance management across multiple frameworks.