Job Description

Position Overview

Platform Science is seeking an experienced lead for its Governance, Risk, and Compliance (GRC) efforts across its SaaS business. The ideal candidate will be a subject matter expert (SME) in SOC2 & ISO27001 Compliance, and privacy regulations. This role is crucial for maintaining the company's leadership in cybersecurity within the telematics industry and supporting newly acquired teams and technologies.

Who We Are

At Platform Science, we are building an open IoT platform that connects everything that moves. Founded in 2015, we partner with innovative fleets, application developers, vehicle manufacturers, and equipment providers in the transportation industry to deliver revolutionary solutions to supply chain professionals globally.

Our team is an engaging, diverse group of people who believe in the power of great ideas. We foster a company culture that fuels growth through innovation by hiring individuals with varied experiences and perspectives. We value thoughtful actions and empathy, approaching challenges with resiliency and creativity, and encouraging transparency as one team.

Essential Responsibilities

• Acquisition GRC Workstream:
  • Provide subject matter expertise in merging acquisition employees into our SOC2 and ISO27001 certifications.
• SOC2 and ISO Compliance Management:
  • Oversee and manage SOC2 and ISO compliance processes throughout the year (weekly, monthly cadence).
  • Ensure continuous readiness and maintain certification status.
  • Participate in committees including, but not limited to:
    • 3rd Party Compliance Manager
    • Data Protection Committee lead
    • AI/ML Committee member
  • Audit Supervision
• Policy Review and Updates:
  • Regularly review, update, and improve security and privacy policies to align with the latest industry standards and regulatory requirements, including GDPR and US privacy laws.
• Evidence Collection Automation:
  • Act as the SME in automating and streamlining evidence collection for audits and compliance processes.
  • Familiarity with writing scripts in Python is required.
• Acquisition Integration:
  • Lead the onboarding of newly acquired businesses into our SOC2 and ISO compliance framework, ensuring a smooth transition and full integration into existing processes.
• GDPR and Privacy Compliance:
  • Ensure business compliance with evolving GDPR and US privacy regulations.
  • Advise internal stakeholders on necessary changes or improvements.
• Continuous Improvement of Cybersecurity and Privacy Posture:
  • Collaborate with cross-functional teams to identify opportunities for improving cybersecurity posture, response, and compliance, including tooling, automation, workflows, and testing.

Education and Experience

• Proven experience in mergers and acquisitions, specifically managing the first-year audit for SOC2 and ISO27001 post-acquisition.
• Proven experience managing SOC2 and ISO 27001 compliance in a SaaS or technology company.
• Strong knowledge of GDPR, US privacy laws, and evolving global privacy requirements.
• Expertise in audit management, including serving as a primary point of contact for external auditors.
• Experience with evidence collection automation and managing compliance cadence activities.
• Ability to integrate newly acquired teams and systems into existing security and compliance processes.
• Experience working with Windows environments and mobile device management for PCs.
• Strong communication and leadership skills, with the ability to work across departments and with external stakeholders.

Platform Science Benefits Highlights

Platform Science offers various benefits to regular, full-time employees, including:

• Medical, dental, and vision insurance
• Short-term and long-term disability insurances
• AD&D and life insurance
• 401k plan
• Paid vacation, sick leave, and holidays
• Six weeks of paid parental leave

For more information, please refer to the Benefits Highlights brochure for regular, full-time employees.

• Salary: [Not Specified]
• Location Type: [Not Specified]
• Employment Type: [Not Specified]