Manager, IT Security GRC

Spanx • Atlanta, GA

Company

Spanx

Location

Atlanta, GA

Type

Full Time

Job Description

Company Description

Overview

SPANX isn’t your average company. We revolutionized an industry by challenging the status quo and putting the customer first. While we live in the fashion and retail world, we don’t obsess over trends, rules or conventional ways of running a business. Rather – we set the trends, create solutions, and we obsess over product with out-of-the-box thinking and patented technology. Spanx is beloved around the world by customers and celebrities alike for our comfort-first approach to must-haves like shapewear, apparel, jeans, active, leggings, bras and beyond! We elevate women through product and empower them to look and feel their best. And we think we’ve only scratched the surface. We are a high-growth, innovative and ambitious company and we are embarking on an exciting trajectory of both digital and international expansion.

About the role

We are seeking a dedicated and experienced IT Governance, Risk, and Compliance Manager to join our growing team. In this role, you will be instrumental in ensuring our organization's information security policies, procedures, and standards align with regulatory requirements and industry best practices. You will work closely with various departments to implement governance frameworks, conduct risk assessments, and ensure the effective management of information security risks. 

The IT Security GRC Manager at Spanx supports the creation of robust governance frameworks and compliance controls, with a focus on mitigating risks and aligning security initiatives with business objectives. As a member of the information security team, you will play an integral role in further achieving, maintaining, and surpassing the hyper-growth journey that is Spanx.

This role is based in our Atlanta headquarters, requires weekly in-office work Tuesday-Thursday, and reports to the Sr. Director of IT Operations.

Job Description

You’ll love it because you will…

  • Governance Framework Implementation: Develop and implement information security governance frameworks that align with organizational objectives and compliance requirements. 
  • Policy and Procedure Management: Draft, review, and update information security policies, procedures, and guidelines to ensure they remain relevant and effective. 
  • Risk Management: Conduct regular information security risk assessments, identify vulnerabilities, and work with relevant stakeholders to implement mitigation strategies. 
  • Compliance and Auditing: Ensure the organization's compliance with legal, regulatory, and contractual information security requirements. Prepare for and support internal and external audits. 
  • Training and Awareness: Develop and deliver information security awareness training programs to employees and stakeholders to foster a security-conscious culture. 
  • Incident Management: Assist in the development and maintenance of the information security incident response plan. Participate in incident response activities and post-incident analyses. 
  • Stakeholder Engagement: Collaborate with IT, legal, and business units to ensure information security governance initiatives are understood and supported across the organization. 
  • Continuous Improvement: Monitor emerging security threats, technologies, and governance practices for continuous improvement of the information security governance framework. 
  • Work directly “with/on” 
  • Act as a thought partner, independently identify opportunities for process improvement, and effectively manage change
  • Simplify complex ideas
  • Coach for growth and learning
  • Solicit feedback and buy-in from internal and external partners

Qualifications

We Require...

  • 5+ years of relevant experience with a strong focus on governance, risk management, and compliance (GRC).
  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field. 
  • Strong knowledge of information security frameworks and standards such as ISO 27001/27002, NIST, and GDPR. 
  • Robust knowledge of risk assessment methodologies, information security audits, and compliance assessments. 
  • Proven success in implementing an information security program. 
  • A highly detail-oriented individual
  • Leveraging expertise to develop holistic business solutions
  • The means to identify and handle ambiguity in complex situations
  • Independent prioritization and self-management responsibilities
  • Prior experience working cross-functionally
  • Ability to simplify complex ideas 
  • Receptivity to feedback and buy-in from internal and external partners
  • A thought partner who can pinpoint opportunities for process improvement while effectively managing change
  • A progressive thinker who offers experimental thought leadership

Additional Information

Spanx is proud of our continued Progressive People Practices…

  • Company Healthcare Plan: $0.00 out of pocket (Employee only benefit)
    Fertility testing and treatment are included in Spanx’s medical plans, even without the diagnosis of infertility. 
  • Parental Leave Policy: Primary caregiver receives 16 weeks AND will have the option to work a half-time schedule (20 hours per week) for up to four additional weeks with full-time (40 hours per week) pay.
  • Mental Health Days: 10 days
  • 401K: Matched up to 4% with immediate vesting.
  • PTO & Company Holidays: PLUS two full weeks of companywide closures (one in the Spring; one between Christmas and NYE)
  • Flex Friday: Year-round half day Fridays!

All your information will be kept confidential according to EEO guidelines.


Date Posted

03/05/2024
