Director of GRC Engineering

📋 Description

• • Flock Safety is seeking a visionary and results-oriented Director of GRC Engineering to lead and elevate our Governance, Risk, and Compliance (GRC) program. As a critical member of our cybersecurity leadership team, you will be instrumental in maintaining and enhancing the trust our customers place in us, ensuring our technology and operations meet the highest standards of security and compliance. This role is pivotal in safeguarding our reputation, enabling business growth, and fostering a culture of proactive security and compliance across the organization.
• • In this leadership position, you will own, manage, and be accountable for the GRC Engineering function. A significant aspect of your role will involve supporting our revenue team by addressing customer security reviews for both net new deals and renewals. This includes responding to RFIs (Requests for Information) and ensuring that our security posture meets the stringent requirements of our diverse customer base, which spans cities, law enforcement agencies, businesses, schools, and neighborhoods.
• • A core focus will be on driving innovation and efficiency within the GRC program through automation. You will be tasked with deploying GRC-as-Code and Policy-as-Code principles to streamline compliance processes, enhance auditability, and reduce manual effort. Furthermore, you will explore and implement AI-driven solutions where appropriate to optimize GRC workflows, improve risk detection, and provide deeper insights into our security landscape.
• • You will lead and develop a high-performing GRC team, fostering an environment of continuous learning, collaboration, and technical excellence. Your leadership will be crucial in mentoring team members, supporting their professional growth, and empowering them to achieve the strategic vision you set for GRC at Flock. This includes nurturing both GRC expertise and technical engineering skills within the team.
• • A key responsibility is the management of our public Trust Center, serving as the central hub for all security and compliance information shared with our customers and stakeholders. You will ensure this center is up-to-date, comprehensive, and effectively communicates our commitment to security and privacy.
• • You will maintain an exceptionally high level of customer service for both internal and external stakeholders, acting as a trusted advisor and champion for cyber compliance throughout the business. This involves building and nurturing strong cross-functional relationships with Engineering, IT, Product, Legal, Revenue, People, and the broader cybersecurity team.
• • Leading our annual external audits is a critical function. You will be responsible for managing and executing audits such as SOC 2, ISO 27001, ISO 27701, CJIS, and FedRAMP, serving as the primary point of contact for external auditors. This requires meticulous planning, coordination, and execution to ensure successful and timely completion with minimal disruption to business operations.
• • In addition to external audits, you will lead our internal audit processes, ensuring that our controls and procedures are effective and aligned with regulatory requirements and best practices.
• • Vendor risk management is paramount. You will lead and manage comprehensive security reviews for our entire supply chain, assessing the security posture of third-party vendors and ensuring they meet Flock's security standards.
• • You will oversee the company's cyber risk management program, maintaining and evolving the cybersecurity risk register. This involves identifying, assessing, and prioritizing risks, and working with relevant teams to develop and implement mitigation strategies.
• • You will be responsible for drafting, managing, and maintaining all cybersecurity-related policies, procedures, and standards, ensuring they are current, relevant, and effectively communicated across the organization.
• • Collaboration with Product Security & Privacy, Engineering, and Product teams will be essential for conducting privacy threat modeling, identifying potential privacy risks early in the development lifecycle, and ensuring compliance with data privacy regulations.
• • You will define and track key performance indicators (KPIs) and key risk indicators (KRIs) derived from engineering and cloud telemetry data. These metrics will provide measurable, risk-based insights to leadership, enabling data-driven decision-making and continuous improvement of our security posture.
• • A crucial aspect of this role involves leading and maintaining compliance with National Crime Information Center (NCIC) requirements. This includes ensuring proper access controls, robust auditability, comprehensive training, and operational alignment with applicable criminal justice information standards, particularly vital given Flock's role in public safety.
• • You will also partner closely with our Chief Compliance & Data Privacy Officer, reporting directly to the CISO, ensuring a cohesive and effective approach to governance, risk, and compliance across the organization.
• • The ideal candidate will possess a strong engineering background, enabling them to understand the technical intricacies of our platform and effectively integrate GRC principles into the development lifecycle. This includes familiarity with product development, SDLC, CI/CD pipelines, and deep knowledge of AWS infrastructure, as well as experience with infrastructure-as-code tools like Terraform or CloudFormation.
• • You will be expected to strike a balance between customer requirements and organizational risk when reviewing contracts and possess strong negotiation skills for managing vendor and supply chain risks. Experience in building business-centric Third Party Risk programs is highly valued.
• • A deep understanding of regulatory frameworks such as CJIS Security Policy, NIST 800-53, HIPAA, GDPR, CCPA, and LINDDUN is essential for success in this role.
• • Your ability to build consensus among dispersed teams with competing priorities through strong communication and diplomatic skills will be key to driving the GRC agenda forward.
• • This role offers a unique opportunity to shape the future of GRC at a rapidly growing, mission-driven company that is making a tangible impact on public safety. You will have the autonomy to innovate, lead a talented team, and directly contribute to maintaining the trust and security that are foundational to Flock Safety's success.