Director, Information Security Governance, Risk

Teamwork makes the stream work.Roku is changing how the world watches TV

Roku is the #1 TV streaming platform in the U.S., Canada, and Mexico, and we've set our sights on powering every television in the world. Roku pioneered streaming to the TV. Our mission is to be the TV streaming platform that connects the entire TV ecosystem. We connect consumers to the content they love, enable content publishers to build and monetize large audiences, and provide advertisers unique capabilities to engage consumers.

From your first day at Roku, you'll make a valuable - and valued - contribution. We're a fast-growing public company where no one is a bystander. We offer you the opportunity to delight millions of TV streamers around the world while gaining meaningful experience across a variety of disciplines.

About the Team

The Trust Engineering Team builds platforms used by all cloud engineers at Roku. Together, these components are designed to be a cost-effective and secure platform of services Roku engineers use globally. The Trust GRC team owns the following segments:

• Privacy
• Customer Trust
• Cyber Security Training
• Policy
• Vendor Management
• Compliance with PCI, SOX, and GDPR
• Risk Registry

Our team members are smart, collegial, collaborative, and focused on building the best-in-class platform. We foster a culture of experimentation, looking for the best idea to take the day. As a leader on this team, our Director, Development Operations, models this behaviour: If we're not trying new things, we're not growing. And, we need to grow and adapt so that Roku stays on top.

About The Role

The goal of GRC is to align IT, Development, and Operations with business goals while managing risks and meeting regulations. Assisting the organizations in avoiding poor and delayed decision making about cyber security risks.

What You Will Be Doing

As Director, GRC, you will lead Trust's  GRC organization. This role involves responsibilities in the following key areas:

• Develop and implement security policies, standards, and guidelines
• Manage a team of GRC leaders
• Communicate security concerns and exposures
• Work with business and IT to deliver security solutions
• Identify and prioritize business risks
• Collaborate with stakeholders to implement security controls
• Maintain a risk repository

• Monitor compliance with laws and regulations

• SOX

• PCI

• GDPR / Privacy

• Develop strategies to improve governance practices

• Manage vendor security and risk assessments
• Manage corporate cybersecurity training
• Conduct annual tabletop exercises

We're Excited If You Have

Leadership Skills

• Expertise within a strategic engineering leadership role, setting vision and leading teams of 15+ people with excellent experience in leading and evolving managers.
• You enjoy building a world-class team, attracting, inspiring, and retaining top talent.  You will continue our build-out of a world class team of GRC analysist and engineers by attracting and hiring high quality talent across US, UK and India. We are expanding in India, so part of your time in this role will involve working closely with rest of engineering in supporting a development centre in India, and attracting the best talent there

You have excellent soft skills and can effectively communicate and drive alignment with a diverse set of people, ranging from developers to Roku executives

• Demonstrated ability to engage senior leadership and drive strategic outcomes
• Demonstrated ability to work with internal users as customers
• You enjoy the challenge of building internal platforms, cross-team collaboration, influencing the direction of the work, and substantively contributing to system architecture
• Work with senior management and align roadmaps, communication strategy and evolution of platform based on their feedback and users of our platform
• You are self-driven and enjoy taking complete ownership of initiatives

Business Skills

• Strong business acumen to quickly learn new business processes and understand how application performance requirements support the business in achieving revenue and profit goals
• Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within Roku, locally and globally
• Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict
• Proven presentation and facilitation skills
• Must excel working in team-oriented roles that rely on ability to collaborate with others

Technical Skills

• Experience  within Cloud providers, like AWS, GCP and data canters
• Strong architectural abilities towards building a holistic experience
• Experience with Vendor Risk tools like SecurityScorecard, UpGuard, CyberGRX, or OneTrust
• Experience with AI to automate security processes
• Expertise leading cyber security or technology teams.
• Expertise of documenting and implementing security policies, standards, and/or controls.
• Prior experience leading GRC efforts / program.
• Expert understanding of security best practices including NIST CSF, NIST 800-53, ISO27001 and PCI DSS. Previous experience working with one of these frameworks.
• Knowledge of global regulatory standards and experience conducting assessments on SOX, PCI, GDPR
• Knowledge pertaining to global geographic data residency regimes
• Expert level of Information Security policy development and process creation
• Demonstrated ability to apply organizational information security policies
• Comfortable with interfacing with other internal or external organizations regarding security policy and standards violations, security controls failure, and incident response situations.
• Strong experience developing methods and procedures for risk analysis and mitigation to include Vulnerability Management (VM)
• IT Audit, internal Audit and/or risk advisory experience is a plus
• Experience in managing cyber security training programs
• Experience in developing and conducting tabletop exercises
• Bachelor's in Computer Science, or equivalent work experience
• Ability to demonstrate security experience via certifications or significant career accomplishments.

Benefits

Roku is committed to offering a diverse range of benefits as part of our compensation package to support our employees and their families. Our comprehensive benefits include global access to mental health and financial wellness support and resources. Local benefits include statutory and voluntary benefits which may include healthcare (medical, dental, and vision), life, accident, disability, commuter, and retirement options (401(k)/pension). Our employees can take time off work for vacation and other personal reasons to balance their evolving work and life needs. It's important to note that not every benefit is available in all locations or for every role. For details specific to your location, please consult with your recruiter.

The Roku Culture

Roku is a great place for people who want to work in a fast-paced environment where everyone is focused on the company's success rather than their own. We try to surround ourselves with people who are great at their jobs, who are easy to work with, and who keep their egos in check. We appreciate a sense of humor. We believe a fewer number of very talented folks can do more for less cost than a larger number of less talented teams. We're independent thinkers with big ideas who act boldly, move fast and accomplish extraordinary things through collaboration and trust. In short, at Roku you'll be part of a company that's changing how the world watches TV.

We have a unique culture that we are proud of. We think of ourselves primarily as problem-solvers, which itself is a two-part idea. We come up with the solution, but the solution isn't real until it is built and delivered to the customer. That penchant for action gives us a pragmatic approach to innovation, one that has served us well since 2002.

To learn more about Roku, our global footprint, and how we've grown, visit

By providing your information, you acknowledge that you want Roku to contact you about job roles, that you have read Roku's Applicant Privacy Notice, and understand that Roku will use your information as described in that notice. If you do not wish to receive any communications from Roku regarding this role or similar roles in the future, you may unsubscribe here at any time.