
Staff GRC Engineering Specialist
Posted May 19

This is a fully remote position, open to applicants in India.
• ChargePoint is seeking a GRC Engineering Specialist to improve ITGCs and automate processes for a more efficient and mature Governance, Risk, and Compliance program, while ensuring compliance with SOX and other standards such as ISO 27001, SOC 2, PCI, and FedRAMP.
• The GRC Engineering Specialist will be responsible for the ITGC SOX program as part of the second line of defense, overseeing the enhancement of tools and automations to streamline controls and compliance efforts across various frameworks, and advocating for automation initiatives in security risk management, including risk assessments, remediation, and reporting for leadership, vendor onboarding security assessments, and customer/prospect security reviews.
• This role presents a fantastic opportunity to further develop our GRC program while introducing innovation and optimizing compliance efforts. The successful candidate will have extensive IT and Information Security audit, compliance, and risk management expertise, along with experience utilizing AI and automated tools and techniques in projects and assessments.
• Introduce innovative and distinctive capabilities that enhance our overall GRC program and align risk strategies with business objectives. Promote a common control framework approach.
• Improve internal processes, policies, and programs by integrating AI or other automation solutions to streamline compliance efforts while ensuring adherence to compliance requirements.
• Lead internal functions in the application, maintenance, and enhancement of access management, change management, and operational systems, procedures, and department-specific processes for both current and future IT systems that fall within scope.
• Establish credibility and maintain strong working relationships with key stakeholders across the business, as well as internal and external auditors, to understand their ongoing and planned activities that impact ITGC SOX, ISO 27001, SOC 2, PCI, and FedRAMP.
• Collaborate with control owners and operators to validate the completeness and accuracy of ITGC control execution, ensuring that ITGCs are well-designed, ChargePoint documentation is audit-ready, and controls are effectively executed and monitored.
• Oversee IT SOX compliance activities, including annual planning, scoping, and the related collaboration with auditors, as well as conducting walk-throughs and receiving control evidence.
• Develop reporting mechanisms to track and monitor overall Compliance, Risk Management, and other security project statuses as required for monthly and quarterly updates to senior management.
• Bachelor’s degree in general business, Information Systems, Engineering, Science, or a related field, along with a minimum of 5 years of relevant experience.
• At least 8 years of audit and project management experience leading ITGC SOX, SOC 1/2/3, or IT Internal Audit activities and programs to support compliance efforts.
• Strong knowledge of Sarbanes-Oxley, COBIT, ISO 27001, SOC 2, NIST 800-53, PCI DSS, and the commonalities among frameworks and standards.
• A solution-oriented mindset and a risk-based approach to identifying, evaluating, and mitigating critical compliance risks, operational technology risks, and associated business and governance processes.
• Experience in collaborating with and managing both internal and external auditors.
• Familiarity with SaaS applications such as NetSuite, Workday, Salesforce, GitHub, and infrastructure providers like AWS and Google Cloud from an IT controls perspective, with the ability to comprehend in-house developed systems and CI/CD development processes.
• Strong written and verbal communication skills, with the ability to influence a broad range of stakeholders (including Engineering, IT, Legal, Auditors, Product, Finance, etc.) and report on policy and compliance results and risks.
• Excellent organizational abilities.
• Health insurance
• Paid time off
• Professional development opportunities