Through meaningful experiences and innovative technology solutions, SevenRooms is on a mission to transform the hospitality industry. We built a platform that delivers the ingredients for hospitality owners to be able to provide guests with extraordinary moments.
Our mission matters now, more than ever. Our guest experience and retention platform empowers restaurant and hospitality operators around the world to take back control of their business, deliver on world-class guest experiences, and revitalize their business to grow even stronger from where they were before the pandemic. We believe our technology delivers solutions that operators need to restore and enhance their businesses, while also rebuilding the communities where people live and work.
We invite you to take a seat at the table, share your voice and perspective, and contribute as an owner to help us grow further than we have ever imagined. We are currently accepting candidate applications to work from anywhere in the world where we have business operations.
About the Role
The SevenRooms Security and Compliance team is expanding and building a leading technology risk management practice to mature our IT compliance posture and information security capabilities. We’re seeking a highly motivated and experienced Senior Technology GRC Analyst to help drive the transformation of the company’s IT compliance program by supporting the execution of internal and external assessments, compliance with existing and emerging regulations and standards (including PCI, SOC 2, GDPR and CCPA), and other technology risk management activities.
The person in this key role will work closely with individuals across the organization to understand existing IT policies, procedures and processes; provide recommendations related to applicable risk areas, mitigations and process improvements; and lead themselves and others in project completion.
What You'll Do
The list below represents the primary duties of the position; others may be assigned as needed. The requirements listed below are representative of the knowledge, skill and/or ability required.
Technology GRC Operations
- Review, audit, monitor, and analyze security risks and vulnerabilities against policies, standards, and frameworks such as ISO, SOC 2, and PCI.
- Develop and maintain ITGC process flows, procedural documentation and effective compliance strategies for key applications in a complex SaaS environment.
- Create and maintain internal control narratives, flowcharts and risk matrices.
- Coordinate and manage cross-functionally to assist business units in the development and implementation of remediation plans related to IT controls.
- Develop, document, and implement business processes and/or procedures.
- Support management in identifying key technology risks, forward-thinking mitigation strategies, and improvements to business processes.
- Review, implement and maintain a GRC tool to drive a risk-aware and compliance-centric organization.
- Work together with the Sales team to provide responses for customer proposals and security addendums in contracts.
- Perform and manage security risk assessments on third-party vendors.
- Provide security compliance requirements as input to cloud solution design and architecture, so that they are incorporated early in the process.
- Execute our Technology GRC plan to ensure an effective internal control environment for PCI, SOC 2, ISO2700x and other regulatory requirements (e.g., GDPR, CCPA).
- Lead self and others in executing discrete tasks and developing compliance strategies to drive effective results.
- Manage projects to completion, while collaborating with a diverse group of professionals from both technical and non-technical backgrounds.
- Educate the organization on governance, risk and controls, and compliance concepts.
- Serve as a subject matter expert who will actively guide engineering, product and other teams on all security and compliance related risks and issues.
- Communicate effectively with the business, with the ability to break down technical aspects of compliance into basic concepts.
- Coordinate with third parties and auditors on all matters related to PCI audits, SOC 2 audits, vendor security reviews, and financial audits.
Who You Are
You’re an enthusiastic individual who tackles all challenges head-on, with a passion for technology compliance and a willingness to go above and beyond. You enjoy learning new things, and gain satisfaction and a sense of accomplishment from solving complex problems. You embrace ownership and seek to make an impact.
- Bachelor’s degree in Information Security, Computer Science, Information Systems, or Accounting is preferred.
- Progressive experience ideally with a Public Accounting firm (Big 4 preferred) or Software-as-a-Service (SaaS) company in one or more of the following areas: IT Compliance, IT Security, IT Audit/Assurance, IT Governance, Risk Management and/or Cyber Advisory role.
- CISA, CISSP, CISM, CRISC or equivalent information technology audit or security certifications are preferred.
- Designed, implemented and managed a compliance program based on common frameworks such as PCI, SOC 2, GDPR, ISO 27001 and ISO 27017.
- Working knowledge of information security and of computer networks, servers, databases and SaaS technologies.
- General knowledge of IT audit and risk management/assessment processes.
- Experience implementing and monitoring data privacy controls across the organization based on leading regulations, e.g., GDPR and CCPA.
- Experience developing and maintaining information security policies and procedures.
- Experience with cloud concepts, continuous integration/development methods.
- Working knowledge of GRC/vendor management tools, e.g., OneTrust.
What We Offer
- A fresh start with a flexible and independent working schedule: SevenRooms provides all employees with their first two (2) weeks of employment as paid time off to relax and recharge before starting their journey with us. You’ll also have access to unlimited paid time off, including tenure-based PTO minimums, paid parental leave, and the option to work anywhere at any time.
- Fair and equitable compensation: Our compensation packages are competitive based on external market data. At SevenRooms, you can expect fair pay for your hard work and dedication to helping us transform the hospitality industry. In addition, we also offer equity in our growing organization.
- Comprehensive benefits package: We offer a full slate of benefits for our employees and their families: comprehensive medical, dental, and vision benefits, commuter benefits, gym reimbursement, 401K plan, and unique wellness offerings that include One Medical, Spring Health, Carrot, and Headspace.
- Employee programs and recognition: Through our Roomie’s Choice program, all employees at SevenRooms receive a monthly stipend to spend however they see fit. You’ll receive an additional monthly dining credit to use towards SevenRooms clients and a unique milestone reward for every year you’re a part of our team.
- Opportunities for training and professional development: Your manager will partner with you on establishing quarterly objectives that not only benefit the company but aid in your overall career development and advancement. SevenRooms also provides financial support for continuing education, certifications, or participation in external training programs.
SevenRooms is a guest experience and retention platform that helps hospitality operators unlock the full revenue potential of their data. From neighborhood restaurants and bars to international, multi-concept hospitality groups, the end-to-end platform enables operators to build direct guest relationships, deliver exceptional experiences and bring more guests back, more often. The full suite of products includes reservation, waitlist and table management, online ordering, mobile order & pay, review aggregation, and marketing automation. SevenRooms empowers operators to own, analyze and optimize every step of the guest journey, enabling a more data-driven approach to hospitality.
Founded in 2011 and venture-backed by Amazon, Comcast Ventures, PSG and Highgate, SevenRooms has dining, hotel F&B, nightlife, sporting and entertainment clients in more than 250 cities worldwide, including: Bloomin’ Brands, MGM Resorts International, Mandarin Oriental Hotel Group, Jumeirah Group, Hilton Hotels, The Cosmopolitan of Las Vegas, Harrods, Wolfgang Puck, Michael Mina, sbe, LDV Hospitality, Bagatelle, Altamarea Group, AELTC (Wimbledon), Giordano’s, D&D London, The Wolseley Hospitality Group, Zuma, Live Nation and Topgolf.
SevenRooms has been recognized as a top employer for its people-first approach by publications including:
- Inc. Best Workplaces (2022, 2020)
- Ragan’s Platinum HR Awards Finalist (2022)
- Built in Best Places to Work NYC (2022, 2021, 2020)
- Built in Best Place to Work NYC – Midsize Companies (2022)
- VentureFizz Unique PTO (2022)
- Forbes Best Startup Employers (2022)
SevenRooms is an equal opportunity workplace and an affirmative action employer. We welcome all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity, or veteran status. We understand the importance of creating a more diverse and inclusive workplace and celebrate our employees for their differences.
View our Prospective Employee Privacy Notice by visiting https://bit.ly/3iUUpYK