Deed 4 months ago
fulltime | new york | ny | us / ca / us / remote (us)

We are a purpose-driven team making it easier for people to help one another. We measure success in terms of volunteer hours and donation dollars contributed by our customers - and by the tangible outcome of those efforts. If this intersection of technology and impact interests you, please reach out - we’d love to chat about working together!

Deed is a place where you can maximize your social impact while simultaneously growing as a valuable team member. We work with exciting and innovative companies like Airbnb, Discord, and Lululemon, and are backed by visionary partners including Y-Combinator and Earlybird Ventures (UiPath, N26).

Making social impact accessible to both people and companies is an urgent challenge with many ways to contribute, and we’re excited to help folks get started, regardless of whether they choose Deed. Our team is a mix of impact experts and newcomers, so feel free to reach out with any questions and we’ll try to help.

Co-reporting to the Chief Administrative Officer and the Chief Technology Officer, the Governance, Risk, and Compliance (GRC) Manager will play an instrumental role in guiding the company's GRC processes. As the primary individual focused on GRC initiatives at Deed, the GRC manager will lead work to ensure the company's risk management approach reflects both important business objectives and regulatory requirements. A vital addition to Deed’s existing Trust team, the GRC Manager will significantly contribute to the company's overall privacy and security strategy and goals by establishing robust compliance mechanisms and effective risk mitigation measures. This role will work closely with both the Legal and Security teams.

The successful GRC candidate will possess a balanced combination of technical knowledge (in order to understand potential risks associated with Deed’s services and products) and an established background in GRC (to be able to contribute to designing a compliance approach that mitigates risk and ensuring that the approach is reflected in the day-to-day work of all Deed employees). This role demands comprehensive knowledge and understanding of corporate governance/policy, risk management, regulatory compliance, and the creation and enforcement of enterprise-wide GRC policies. The GRC Manager should be equipped to identify and address potential vulnerabilities, while proactively enhancing the company's overall GRC posture.

You’ll be responsible for:

* **Strategy Development:** Help define, develop, and oversee the implementation of Deed’s GRC strategy, ensuring alignment with the company's business goals and legal requirements.
* **Policy & Procedure Management:** Have primary responsibility for developing, maintaining, and overseeing implementation (including training and other oversight-related activities) of GRC and ISMS policies and procedures with goals of ensuring they are in accordance with applicable laws, regulations, and industry standards, including but not limited to GDPR, CCPA, SOC 2, and ISO 27001, and adequately address the company’s operations.
* **Risk Management:** Assist leadership in identifying, evaluating, monitoring and implementing remediation efforts to address enterprise risks, including strategic, operational, financial, privacy, and cybersecurity risks. As part of the efforts to implement risk mitigation strategies and mechanisms to address identified risks and potential non-compliance, supply support to company leaders and colleagues.
* **Data Privacy:** In collaboration with the Legal team, ensure compliance with global data privacy and protection regulations, including GDPR in Europe and CCPA in California, as well as Deed’s obligations to customers, through the creation and maintenance of robust data-handling and privacy policies. As part of these efforts, maintain an awareness of pending legislation that might impact Deed’s operations.
* **Regulatory Compliance:** Maintain a current understanding of relevant laws and regulations to ensure the organization achieves and sustains compliance. In coordination with the Legal team, proactively monitor and respond to regulatory changes and updates.
* **GRC Reporting:** In consultation with the Legal team, create comprehensive GRC reports for the executive leadership and Board of Directors that provide clear insights into the company's risk profile, compliance status, and governance effectiveness.
* **Training & Awareness:** Oversee the creation and implementation of a GRC awareness and training program to ensure that employees are aware of the role they play in maintaining good governance and compliance and managers are informed of their special responsibilities.
* **Third-party Management:** Manage and monitor the GRC aspects of third-party relationships to ensure that vendors and partners are adhering to the company's GRC policies and relevant regulations.
* **Audit Management:** Coordinate with internal staff and external auditors to facilitate audits (including SOC 2 and ISO 27001 audits), with the goal of assuring compliance and addressing potential issues proactively.
* **Incident Response:** Develop and implement an incident response plan to handle GRC-related incidents effectively, including data breaches or non-compliance events, and artifacts to support incident responses (such as playbooks and related templates).
* **Continuous Improvement:** Regularly review and refine the company's GRC practices, leveraging technology and industry best practices to drive efficiency and effectiveness.

**You have:**

* Relevant academic credentials (degree in information technology, computer science, cybersecurity, business, or legal studies, and/or GRC-related certifications), or equivalent years of experience
* 5 or more years of experience in Information Security, or a related field, including experience working with GRC tools and methodology
* In-depth knowledge of relevant laws and regulations: This includes an understanding of data protection laws such as GDPR and CCPA, as well as other regulatory frameworks relevant to the specific industry and location of the business.
* Risk management skills, including the ability to identify, analyze, and effectively mitigate or manage enterprise risks. Familiarity with risk management frameworks and methodologies is essential.
* Strategic thinking and thought leadership, including a strong ability to lead and manage the GRC function, develop and execute strategic plans, and guide the organization towards its GRC objectives.
* Communication and Presentation Skills: Excellent written and verbal communication skills, with the ability to present complex GRC issues and strategies clearly to various stakeholders, including the leadership team and Board of Directors.
* Analytical Skills: Strong ability to analyze complex information, interpret compliance requirements, and develop effective solutions.
* Project Management Skills: Proficiency in planning, executing, and monitoring multiple projects simultaneously to ensure they are completed on time and within budget.
* Negotiation and Influencing Skills: Ability to negotiate with, influence, and secure buy-in from various stakeholders, both internal and external, to achieve GRC objectives.
* IT Proficiency: Familiarity with the use of GRC technology solutions, as well as a broad understanding of information security principles and best practices.
* Continuous Learning: A commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.

**Supervisor names:** Kristin Janssen and Aske Ertmann

**Supervisor roles:** CAO and CTO

**Location:** Can be in US, Canada or Remote but preferably in NYC

---

Deed is proud to be an Equal Opportunity Employer building and celebrating a diverse and inclusive workforce across the globe. We recognize that diversity of thought and background builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.