Global Director IT Governance & Compliance

Full Time
Bangalore, India
11 months ago

About us

Luminar Technologies, Inc. (Nasdaq: LAZR) is transforming automotive safety and autonomy by delivering the only lidar and associated software that meets the industry’s stringent performance, safety, and economic requirements. Luminar has rapidly gained over 50 industry partners, including a majority of the top global automotive OEMs. In 2020, Luminar signed the industry’s first production deal for autonomous consumer vehicles with Volvo Cars, which now expects to make Luminar’s technology part of the standard safety package on their next generation electric SUV. Additional customer wins include Mercedes, SAIC, Daimler Truck AG, Intel’s Mobileye, Pony.ai and Airbus UpNext. Founded in 2012, Luminar employs approximately 400 with offices in Palo Alto, Orlando, Colorado Springs, Detroit, Bangalore and Munich.

For more information, please visit www.luminartech.com

About the role

Luminar Technologies is seeking a technically hands-on leader for the role of Global Director IT Governance & Compliance. This role is for an experienced, execution-focused technology leader, reporting to the Head of Cybersecurity, who can build, monitor, and enforce the Company’s IT governance and compliance strategy, standards and processes. The initial focus is tactical: preparing for and delivering successful customer and regulator audit performance. The role will then quickly mature into a proactive IT governance function for Luminar. The ideal candidate should have extensive experience in designing governance, compliance, and audit support programs that protect our systems, infrastructure, and data, ensuring business continuity and regulatory compliance by working collaboratively across the different functions in the organization.

This is a first set of lead hires for this function, as we look to augment it at Luminar, Bangalore. You will be part of a highly cross-functional team and responsible for rapid prototyping and product development at Luminar.

Responsibilities 

  • Lead and manage the Company’s IT Audit and Change Management programs
  • Lead Data Protection & Privacy certification efforts for the IT organization in coordination with the Company enterprise risk team (ISO 2700X, SOC2, GDPR, CCPA, TISAX, etc.)
  • Manage responses to associated regulator, customer, and vendor inquiries in partnership with Legal, IT, Cybersecurity, Internal Audit, and business teams
  • Build, deploy, and lead a comprehensive governance and risk management program
  • Ensure security processes and procedures are effective and prepare reports of findings for review by management including recommended remediation, as necessary
  • Conduct periodic reviews of information security policies, procedures, and compliance and prepare reports of findings for review by management
  • Ensure US Sarbanes-Oxley (SOX) and other key audits and reviews of various controls, applications, systems (ITGC) are conducted according to standards
  • Manage and maintain strict & comprehensive documentation processes in alignment with global industry & regulatory best practices
  • Develop metrics and reporting frameworks to measure the efficiency and effectiveness of the GRC program(s): facilitate appropriate resource allocation, increase the maturity of IT, Facility, Product, and OT security, and review it with stakeholders at the executive level
  • Ensure that Luminar’s systems, processes, people, and facilities meet or exceed relevant customer, industry, and regulatory security standards and requirements
  • Provide regular reporting on the current status of all programs and activities within your portfolio to support business outcomes
  • Assist with maintenance of the Security Risk Assessment Model and supporting threat vulnerability risk assessments as required
  • Work closely with Engineering, IT, physical security, Finance, Internal Audit, Legal, Human Resources teams and external partners to ensure alignment and effective end-to-end protective posture for Luminar

Required Skills and Qualifications

  • Bachelor’s Degree in Information Systems, Management Information Systems, Governance & Risk Management, IT Compliance & Audit, Computer Science or a related field
  • 7-10+ years of relevant work experience
  • Demonstrated expert-level knowledge of ISO 2700X, SOC, Trust domains, WebTrust, and other frameworks, to include detailed expertise in SOC1 & SOC2 (Type 2) reviews
  • Deep domain expertise in Information Technology governance & management and change management frameworks to include, but not limited to: ITIL, COBIT, Val IT, Weill Ross, etc.
  • Expert-level experience with Security Governance Standards, business continuity planning, enterprise risk management (ERM), computer security incident response (CSIR), and security compliance audits
  • Deep domain expertise in highly regulated industries (Automotive, Transportation, Finance, critical infrastructure, etc.)
  • Documented success leading IT compliance and/or GRC at a large international company
  • Experience successfully building & leading programs that effectively navigate global regulatory frameworks including in the US & Canada, European Union, India, and Asia Pacific region
  • Experience with common GRC & Change Management tools, e.g., AuditBoard, Zendesk, Archer, ServiceNow, etc.
  • Extensive experience documenting SOX controls and testing requirements
  • Ability to consistently execute against tight deadlines with incomplete or ambiguous information in rapidly changing environments as evidenced through documented international experience
  • Excellent verbal and written communication skills
  • Highly self-motivated and directed with attention to detail
  • Experience working in a team-oriented, collaborative environment
  • Strong written and oral communication and time management skills
  • Native-level professional English fluency required, additional language ability a plus
  • Valid passport with no restrictions on business travel to Luminar’s areas of operation
  • Travel up to 10% (according to relevant national and international COVID-19 safety guidelines)

Preferred Skills and Qualifications

  • CISSP, CISA, GSEC, CIPP/US, CIPP/EU or similar industry certifications
  • IT Audit management gained from employment with Big 4 Audit & Consulting firms
  • Experience supporting fast moving or startup business organizations
  • Experience in Automotive, Finance, or High-Tech Industry a plus
  • Experience with autonomous vehicles or connected car a plus