Qureos


Manager Information Security (GRC and Data Protection)

Lahore, Pakistan

About Us

Come Learn & Grow With us

Unicorn Technology

We’re top-rated on G2 and Capterra, with 1000+ reviews from our amazing customers. We're pioneers of innovation and transparency, and that shows in the type of technology we offer.

A Diverse Team

vFairs' diverse workforce brings contributors from all over the world, each person having their own skills and unique experiences.

Serving Our Communities

We go by the principle “No enterprise can be more successful than goodness”, and hence all employees are entitled to 2 days of paid leave a year to serve their local or global community through volunteerism.

Green And Global - We Walk the Walk

In 2022, we launched our Green and Global campaign, in which we make it a priority to lower both our own and our customers’ carbon footprint. All of our policies follow the guidelines of our G&G initiative, and we partner with OneTreePlanted to ensure that we return to the Earth what we may take.

What does being part of the vForce team look like?

An environment of inclusivity, innovation, accountability, and transparency with absolutely no ceiling on how high you fly with us!

Learn and Grow

At vFairs, we understand the value of achieving your next career goal and while we fully anticipate that you will never want to leave, we also want to be your #1 fan and ambassador when it comes to your dreams; we will act as your career coach as well to set you on the right path.

About The Role

We are seeking an experienced Manager, Information Security GRC and Data Protection to lead our efforts in ensuring that our products, processes, and organization adhere to legal, regulatory, and ethical standards.

In this role, you will oversee compliance across security, privacy, legal, and data protection, while fostering a culture of transparency and accountability. This position is ideal for someone passionate about information security and data protection compliance in a tech-centric, SaaS environment.

Responsibilities

  • Support and oversee the Information Security Governance, Risk, Compliance, and Privacy operations at vFairs LLC, ensuring alignment with the organization’s strategic objectives and regulatory requirements.
  • Contribute to the establishment and management of a formal Information Security GRC and Privacy Program, and support the creation of a roadmap that aligns with industry standards and compliance needs.
  • Assist in maintaining and executing the organization’s data privacy initiatives, ensuring compliance with relevant regulations (e.g., GDPR, CCPA) across operations.
  • Work with process and control owners to design and implement information security controls, including the development of policies, procedures, and related documentation.
  • Assist in strengthening the organization’s risk management processes by working closely with stakeholders, clients, partners, service providers, and vendors to ensure compliance and security posture.
  • Partner with Legal, HR, and other departments to support an effective privacy program, helping to sustain organizational compliance and ethical standards.
  • Oversee the Third-Party Risk Management program to ensure external partners and vendors meet vFairs’ security and compliance requirements.
  • Lead risk assessments and support efforts to achieve key certifications and attestations, such as ISO 27001, AICPA SOC 2 Type 2, and others.
  • Assist in managing a security awareness training program, contributing to building a strong security culture within the organization.
  • Collaborate with sales and customer success teams to address security, compliance, and legal concerns, ensuring client satisfaction while maintaining compliance.
  • Provide support in RFP processes related to security and IT aspects, ensuring vFairs can win key contracts by demonstrating its strong compliance and security posture.
  • Ensure that all vFairs customers sign Data Processing Agreements (DPAs) as required, proactively managing these agreements and keeping clients informed of any security updates and SLA compliance.

Requirements

  • Minimum 5 years of proven experience in areas of Information Security Governance, Risk Management, Compliance and Privacy.
  • In-depth knowledge of the tech industry’s standards and regulations (experience with SaaS products is a big plus).
  • Experience in the implementation of regulatory and compliance frameworks (SOC2, ISO2700x, ITIL, COBIT).
  • Familiarity with Cloud Infrastructure technologies.
  • Understanding of global data protection laws, standards, and associated frameworks (e.g., GDPR, CCPA).
  • Excellent knowledge of reporting procedures and record keeping.
  • Business acumen paired with a dedication to legality.
  • An analytical mind able to “see” the complexities of procedures and regulations.
  • BSc/BA in information technology, cybersecurity, project management or related fields.
  • Certifications such as CISSP, CISM, Security+, CIPM, CIPP/E, PMP are desirable.
