Program Manager - Governance, Risk, and Compliance

Full Time
Barcelona, Spain
5 months ago

The worldwide data management software market is massive: according to IDC, the worldwide database software market (which it refers to as the database management systems software market) was forecast at approximately $82 billion in 2023, growing to approximately $137 billion in 2027, a 14% compound annual growth rate. At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

The MongoDB security team is looking for a Program Manager, Governance Risk and Compliance. This role will be responsible for analyzing, documenting and monitoring risk and compliance posture across our existing program.

This role can be fully remote in Spain, or based out of our Barcelona or Madrid offices with flexible in-office options.

MongoDB aligns its practices to multiple compliance frameworks in order to support our customers' needs. The Program Manager, Governance Risk and Compliance role will provide support for MongoDB's information security compliance team by leading third-party audits, creating and maintaining comprehensive compliance documentation, arranging meetings, liaising with internal stakeholders to communicate compliance requirements and gather feedback, preparing data for further analysis and reporting, tracking meeting minutes and actions, and providing general administrative support to enable continuous growth of the Governance, Risk and Compliance Program.

The ideal Program Manager, Governance Risk and Compliance candidate should have a good grasp of information security concepts relevant to cloud environments, demonstrated experience with document and data handling, proven general administration skills, and familiarity with change management that enables organizations to improve and/or establish efficient and effective processes and drive forward change. Familiarity with compliance programs or technical audits against information security frameworks (e.g. ISO 27001, PCI DSS) is mandatory.

This role will support building out an internal compliance program and help scale MongoDB Inc. to support our customers' needs. MongoDB is a breakthrough company that is disrupting a $40B market. We're looking for someone who is excited to take initiative and eager to learn.

We are looking to speak to candidates who are based in Barcelona for our hybrid working model.

Responsibilities
  • Support the adoption of a central control framework that translates to our environment
  • Support the centralization of compliance data (evidence, processes, policies, etc.) to help compliance teams improve their audit response time and create consistent responses across the team
  • Execute processes that manage high volumes of control performance data and report on them in an effective and accurate manner
  • Collaborate with compliance team leads on executing roadmaps for future GRC programs
  • Complete the initial gap assessment for compliance scope additions to understand overlap with existing framework and communicate requirements and estimated workloads to compliance leads
  • Support operational activities such as control performance assessment via NIST CSF Maturity assessment and monitoring of effectiveness of the GRC Programs
  • Support the GRC functions to help drive through ad-hoc deliverables as required
  • Develop, review, and update documentation for MongoDB’s cloud customers
  • Assist in building dashboards and presentations for various audiences (executive, business unit, ops, etc.)
  • Support assessment activities as required to maintain compliance or evaluate the system by third party auditors
  • Work within ticketing flows to ensure various projects remain on target
  • Interface with and lead projects involving external auditors related to scheduling, drafting relevant communications and communicating metrics
  • Help schedule and track gaps and remediations related to periodic internal audits
  • Track internal Governance, Risk and Compliance actions, as well as present team roadmaps and timelines
  • Help track schedules and identify any obstacles that may impact milestones and key delivery dates
  • Arrange meetings
  • Draft meeting agendas based on each meeting's goals
  • Draft presentations and communications around compliance program metrics
  • Take meeting minutes and actions and follow up on their completion

Qualifications
  • Bachelor's degree or equivalent practical experience
  • Working knowledge of cloud controls and environments
  • Experience with cloud security and major compliance standards such as ISO 27001, SOC 2, PCI, NIST CSF
  • Experience with internal governance, risk, and compliance functions
  • Experience with policies, procedures, and governance frameworks in a highly regulated industry
  • Practical experience performing gap analysis, maturity assessments, and risk assessments
  • Experience managing projects or workstreams at the enterprise level
  • Experience implementing compliance technology and associated tools
  • Ability to engage organizational levels simultaneously, leading to solutions/sustainable programs
  • Knowledge of compliance and regulatory processes, including aligning policies to regulatory and business requirements
  • Excellent attention to detail and organizational skills
  • Practical understanding of cloud security compliance, risk management and information security principles
  • Strong presentation building and communication skills
  • Strong analytical, diagnostic, and critical thinking skills
  • Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences

Preferred Qualifications
  • Experience with obtaining the Esquema Nacional de Seguridad (ENS) certification, ISO 20000, or ISO 22301
  • Experience working with Jira
  • Project management experience including:
    • process, metrics and dashboard reporting
    • drafting communications
    • drafting meeting minutes
    • rollout of information security training and awareness program
    • project management support and reporting
  • A good understanding of audit process, methodology, standards and terminology; CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor or Lead Implementer certifications welcome but not required
  • The ability to work in a fast-paced tech environment, managing multiple large scale projects simultaneously
  • A good understanding of cloud environments, Linux and Windows systems

To drive the personal growth and business impact of our employees, we're committed to developing a supportive and enriching culture for everyone. From employee affinity groups to fertility assistance and a generous parental leave policy, we value our employees' wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it's like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB is an equal opportunities employer.