GRC Strategy Manager

New York City, Remote North America

The database market is massive (the IDC estimates it to be $119B+ by 2025!) and MongoDB is at the head of its disruption. The MongoDB community is transforming industries and empowering developers to build amazing apps that people use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

MongoDB is seeking an experienced GRC Strategy Manager to lead and build out MongoDB’s governance, risk and compliance program.

MongoDB aligns its practices to multiple compliance frameworks in order to support our customers’ needs. As we continue to grow and service customers globally in heavily regulated markets, MongoDB is expanding to support more compliance frameworks. The GRC Strategy Manager will support compliance efforts by identifying, analysing and measuring existing and future customer demand as it relates to compliance frameworks. The GRC Strategy Manager will also perform gap analysis activities, work with internal stakeholders to determine the potential impact of new compliance requirements, and maintain accurate and complete customer-facing documentation with regard to the compliance features of the MongoDB products.

The GRC Strategy Manager should be experienced in performing audits in several security-related frameworks (e.g. SOC2, PCI DSS, NIST SP 800-53) and have a clear understanding of both technical and non-technical security controls.

This is a critically important role and a great opportunity to build out an internal governance, risk and compliance program and help scale MongoDB Inc. to support our customers’ needs. MongoDB is a breakthrough company that is disrupting a $68B market. This position has significant growth potential and we’re looking for someone who is excited to take initiative and help lead. This position is based out of our New York City or London offices (with the option for remote work also being available).

Candidate Profile

The right candidate for this role will have:

  • Technical security documentation (e.g. white papers, controls mapping, blog posts, evidence and due diligence packs, workflows & diagrams) development, editing and maintenance experience
  • Ability to conduct market research and comparative studies
  • Ability to communicate clearly to various levels of management (including executive management), across various business functions (including engineering, product and sales)
  • Solid understanding of Security Controls; experience with audit, advisory, consulting is beneficial
  • Previous experience and/or familiarity with related compliance frameworks (e.g. ISO27001, SOC2, HITRUST, PCI, FedRAMP) is beneficial
  • The ability to work in a fast-paced tech environment, managing multiple large-scale projects simultaneously
  • Minimum 3 years' experience supporting or leading technical assessments to support compliance efforts
  • Bachelor’s degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant field
  • A strong understanding of Cloud Environments, Linux and Windows systems
  • CISM, CRISC, CISA, CISSP, CCSP certifications welcome but not required
  • An entrepreneurial spirit -- you enjoy challenges across a broad range of disciplines
  • Experience interfacing with technical and non-technical persons on compliance and security topics

Position Expectations 

  • Develop and deliver Technical Compliance collateral and training
  • Interface with and lead projects involving customers and MongoDB Sales
  • Interface with MongoDB product managers to drive customer compliance requirements
  • Support periodic external and internal audits, assessments and reviews, as needed
  • Support and respond to customer compliance and security information requests
  • Develop metrics to measure the GRC programs
  • Define roadmaps and necessary capabilities for future compliance needs
  • Be the subject matter expert on Customer Compliance documentation for MongoDB Inc.
  • Assist in adjusting existing relevant policies to align company objectives with compliance needs

Success Measures

The GRC Strategy Manager will be successful in this role when they can execute the following strategic tasks: 

  • People: Collaborate with leads to understand our customers' compliance requests and the gaps that need to be addressed
  • Organization: Ability to manage multiple parallel efforts and prioritize resources based upon understanding and interpreting business needs
  • Communication: Successfully communicate your recommendations and rationale to both technical and non-technical management
  • Research: Gather and analyze feedback from external and internal stakeholders and develop succinct and engaging collateral with respect to MongoDB GRC and Security initiatives
  • Customer Service: Ensure MongoDB’s GRC Program operates efficiently with minimal interruption to MongoDB teams. Provide great customer service when interfacing with customers and other MongoDB teams

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

To applicants in the European Union and California: Please find our European Union and California Recruitment Privacy Notice.

To all recruitment agencies: MongoDB does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias or MongoDB employees. MongoDB is not responsible for any fees related to unsolicited resumes.