
Cybersecurity GRC Manager

ButterflyMX

N/A


Job Details

Not Specified


Full Job Description

ButterflyMX is your leading property technology company that aims to simplify property access for owners, staff, residents, and visitors. Our innovative access control solutions are relied upon by more than 10,000 multifamily, commercial, student housing, and gated communities worldwide, including the most trusted names in the real estate industry.

ButterflyMX is growing exponentially, and we want you to grow with us!  We’re looking for top-tier talent who want to supercharge their careers in a high-growth, innovative, and industry-changing company. 

At ButterflyMX, we value exceptional people who are intelligent, passionate, collaborative, and balanced. As a distributed workforce, we offer a transparent and flexible culture, along with benefits like a 401(k) match and quarterly stipends for self-care. We work hard to continually improve the experience of everyone in our communities while also finding time to enjoy our personal passions.

At ButterflyMX, we are committed to maintaining the highest standards of governance, risk management, and compliance as we drive innovation in Property Tech. We are seeking an experienced and proactive GRC Manager to ensure that our organization and its operations align with industry best practices and regulatory requirements.

The Compliance Manager will facilitate the development, implementation, and management of our Governance, Risk, and Compliance (GRC) programs. Responsibilities will include ensuring adherence to SOC 2, ISO 27001, GDPR, and CCPA standards by managing daily compliance operations and conducting comprehensive analyses, assessments, and audits. This role will work closely with various departments to identify, evaluate, and mitigate risks, ensuring that our company’s policies and procedures align with regulatory requirements and support our overall business objectives. The Compliance Manager will be tasked with developing and managing an internal audit program, overseeing daily risk management activities, and ensuring the security of vendors and third-party partners.



Responsibilities:

  • Compliance Management: Oversee compliance programs to ensure adherence to relevant laws, regulations, and industry standards. Manage internal and external audits, and ensure findings are addressed.
  • Risk Management: Identify, assess, and prioritize risks to the organization, and implement risk mitigation strategies across all business units. A key responsibility will be proactively managing the ButterflyMX Risk Register.
  • Governance: Develop and maintain governance frameworks that support business objectives while ensuring compliance with internal policies and external regulations.
  • Policy Development: Create, update, and enforce policies and procedures related to governance, risk, and compliance to maintain a robust control environment.
  • Training and Awareness: Develop and deliver training programs to educate employees on GRC principles, policies, and best practices.
  • Incident Management: Lead the response to compliance-related incidents, including investigations, remediation, and reporting.
  • Reporting: Prepare regular reports for senior management and the board on the status of GRC initiatives, risk assessments, and compliance audits.
  • Collaboration: Work closely with legal, finance, IT, and other departments to integrate GRC practices into all aspects of the business.
  • Continuous Improvement: Continuously monitor and improve the GRC framework to adapt to changes in the business environment, regulations, and emerging risks.
  • Customer & Prospect Questionnaires: Respond to security questionnaires from existing customers and prospects.

Requirements

  • 5+ years of experience in governance, risk management, and compliance roles in a startup company using Cloud Technologies
  • Must have successful completion of a SOC2 Type 2 audit for a startup company providing SaaS on AWS, Mobile &/or IoT solutions
  • Strong knowledge of regulatory requirements and industry standards (e.g., SOC2, ISO 27001, SOX, GDPR).
  • Experienced managing GRC with a modern tech stack including AWS, Google Workspace, GitHub, JIRA, Windows, Linux, Kubernetes, Terraform.
  • Proven experience in developing and implementing GRC frameworks and programs.
  • Analytical mindset with the ability to assess and prioritize risks.
  • Excellent communication skills, with the ability to influence and educate stakeholders at all levels of the organization.
  • Proactive and strategic thinker with strong problem-solving skills.
  • Certifications: Relevant certifications such as CISSP, CISA, CISM
  • Experience with GRC tools and platforms such as Drata, Vanta or something similar
  • Experience Managing Third Party Risk
  • Nice to have: Implementation of Cyber Risk Quantification Program

Benefits

  • Comprehensive Medical (ButterflyMX covers 90% of the cost) starting day 1
  • Dental and Vision plans (ButterflyMX covers 100% of the cost) starting day 1
  • 401(k) plan with a match
  • 13 paid holidays and 25 days of PTO
  • Paid Family Leave
  • Employee Assistance Program
  • Quarterly self-care stipends
  • Health Advocacy Program
  • Access to optional benefits, including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Disability, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance
  • Collaborative, dynamic work environment filled with kind, intelligent people who are working hard on an industry-defining product


EEO STATEMENT

ButterflyMX is an equal-opportunity employer, and we value diversity at our company. We strive to create an accessible and inclusive experience for all candidates and employees. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. You must have the authorization to work in the US to become an employee. Please let our recruiting team know if you need reasonable accommodation during the application or the recruiting process.
