Director, Governance, Risk, and Compliance

Job Overview:

We are seeking a highly motivated and experienced Director of Governance, Risk, and Compliance (GRC) to establish and lead our GRC function at Posit. This foundational leadership role requires a strategic and hands-on approach to building the department from the ground up, creating and implementing policies, frameworks, and processes to ensure compliance with regulatory requirements and manage risks across the organization. 

The ideal candidate will be adept at working in fast-paced environments, comfortable with ambiguity, and possess a deep understanding of software and cloud security compliance frameworks. You’ll work closely with senior leadership to ensure that our governance, risk, and compliance practices are aligned with our company’s mission and growth strategy.

You will be responsible for identifying and driving initiatives to ensure compliance with federal, state, and international security and privacy regulations and contractual obligations. Our products are used in a variety of regulated environments, and we must know not only how those regulations apply to us but also be able to confidently and consistently share this information with our customers.

Since its inception, Posit has operated as a 100% distributed company with a SaaS-based infrastructure. This presents unique challenges and requires pragmatism and creativity to be successful. This position requires the ability to be proactive and strategic while being comfortable rolling up one’s sleeves. 

Key Responsibilities:

• Establish and lead the GRC function, developing a comprehensive governance, risk, and compliance strategy tailored to our company’s size, industry, and regulatory environment.
• Develop and maintain a compliance roadmap to ensure alignment with business objectives, regulations, and customer expectations.
• Develop, implement, and maintain corporate governance policies, standards, and frameworks to manage risks and ensure compliance with applicable laws, regulations, and industry best practices.
• Perform risk assessments and build risk management processes to identify, analyze, and mitigate risks related to cybersecurity, data privacy, and operational activities.
• Lead the development and enforcement of compliance programs that address internal and external requirements, ensuring all employees understand and adhere to relevant policies and regulations.
• Collaborate with internal stakeholders (e.g., legal, product, IT, engineering) to ensure compliance requirements are integrated into product development, IT systems, and data management practices.
• Create and manage a regular reporting process to provide executive leadership with insight into the company’s risk posture, compliance status, and audit results.
• Stay current on evolving regulatory environments, security threats, and compliance best practices, ensuring the company adapts its security posture accordingly.
• Work closely with senior leadership to communicate the company's compliance status and risk posture, making recommendations for improvements where necessary.
• Provide training and guidance to employees on security compliance best practices and foster a culture of security awareness throughout the organization.
• Serve as the main point of contact for internal and external audits, managing audit readiness, audit responses, and any remediation activities.

About you:

• Experience in governance, risk, and compliance, with a strong background in cybersecurity, data privacy, and risk management in the software or technology sector.
• Experience working in a software company, particularly in remote, cloud-based environments, is highly preferred.
• Experience managing and responding to audits, regulatory reviews, and compliance reporting.
• Metrics-driven, understands, develops, and delivers meaningful risk-based operational dashboards and reports to a broad audience, demonstrating our current program state and adherence to frameworks and standards. 
• Strong project management and organizational skills, with the ability to manage multiple initiatives and priorities.
• Ability to think strategically while being hands-on with the development and execution of projects and initiatives.
• Excellent communication and interpersonal skills, with the ability to influence and collaborate effectively with cross-functional teams. You can communicate with people on all levels and help make complex issues easier to understand.
• You invest in strong relationships with your colleagues and employ empathy when working through their issues.
• You default to a collaborative and communicative mentality, believing that adversarial relationships harm an organization's long-term success.
• You are highly ethical, possess excellent decision-making capabilities, and execute good time management skills.

Posit offers competitive compensation with extensive human-first, people-focused benefits to prioritize your personal and financial well-being. Individual pay decisions are based on a number of factors, including qualifications for the role, experience level, and skillset. This hiring range reflects base salary and assumes that the job will be performed in the United States.

Working at Posit:

• We welcome all talented colleagues and are committed to a culture that represents diversity in all its forms.
• We prioritize giving ourselves “focus time” to get deep work done. We minimize meetings and attempt to operate asynchronously.
• We are a learning organization and take mentorship and career growth seriously. We hope to learn from you and we anticipate that you will also deepen your skills, influence, and leadership as a result of working at Posit.
• We operate under a unique sustainable business model: We have over 50% of our engineering dedicated to creating free and open source software.  We are profitable and we plan to be around decades from now.
• Posit is a Public Benefit Corporation (PBC) and a Certified B Corporation®, which means our open-source mission is codified into our charter. As a result, our corporate decisions balance the community's interests, customers, employees, and shareholders. Hear more about why we think this matters here.

Notable:

We offer competitive compensation with extensive human-first, people-focused benefits to prioritize your personal and financial well-being.

• 100% of medical, dental, and vision insurance premiums are covered for employees and their families! Fertility and gender-affirming healthcare is included in all of our plans.
• Supplemental mental health and wellness benefits are available via Ginger even if you don’t opt in to our insurance plans, including Ginger for teen family members.
• Posit's gender-neutral paid parental leave policy covers all new parents, including foster and adoptive parents.
• All full-time employees are eligible for 401k enrollment starting on day one.
• After six months of employment, Posit provides a substantial yearly match to employee 401K contributions.
• An annual profit-sharing bonus for employees recognizes our team’s contributions to company performance across the year.
• We are a 100% distributed team. You are also welcome to come into our Boston office. 
• We offer a $400 monthly reimbursement for coworking space rental if you prefer to work away from home. 
• Our Lifestyle Savings Account offers an initial deposit of $1800 and then an additional quarterly stipend of $375 to cover the costs of professional development, wellness, financial health, charitable giving, and remote work support.
• We provide a flexible environment with a generous vacation policy that encourages a minimum of four weeks PTO per year plus 13 paid company holidays.

Are you excited about this role but not sure if your experience aligns with every qualification in the job description? That’s okay. We know multiple perspectives are essential for a thriving organization and we'd still love to hear from you! 

Posit is committed to being a diverse and inclusive workplace. We encourage applicants of different backgrounds, cultures, genders, experiences, abilities, and perspectives to apply. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical disability, or length of time spent unemployed.

Posit Software, PBC participates in the federal E-Verify program, which confirms employment authorization of newly hired U.S. based employees. E-Verify is not used as a tool to pre-screen candidates and is only initiated upon hire.

E-Verify Participation Notice (English/Spanish)

Right to Work Notice (English/Spanish)

#LI-REMOTE