Watershed is a software platform for running a world-class climate program. We measure our success in the carbon reduction achievements of our customers. We are looking for team members who love product-building, want to work hard at a mission-oriented startup, and will collaborate with us in shaping the culture of a growing team.
We have offices in San Francisco, New York and London and remote team members across the US and Europe. We hope that you'll be interested in joining us!
You will join our Security and Infrastructure team to lead Governance, Risk, and Compliance for Watershed. Our platform enables the climate programs for some of the largest companies in the world with the most ambitious client programs, and customer trust is one of our greatest assets.
In this role, you will represent our customers’ governance and compliance needs, represent our practices and policies to customers and auditors, and work with our engineering teams to drive product and platform improvements.
In your first 12 months, you will:
- Work with Legal and Sales to close deals by clearly representing our security practices
- Curate a list of the most important customer requests regarding security and infrastructure
- Lead our quarterly Risk Register review
- Drive the next evolution of our data governance program and approach
- Own compliance automation and tracking, including asset inventories and required trainings
- Lead the review and update cycle for our policies
- Collaborate with the Head of Security on our annual SOC 2 audit
Over the next 24 months, you will:
- Become our internal expert on customer GRC needs
- Oversee all aspects of our risk program
- Fully own our external audit process, including audit framework selection
- Determine how to best scale our internal processes
To be successful in this role you will:
- Use your strong interpersonal skills to collaborate cross-functionally with stakeholders across the organization
- Have experience with strategy and moving from strategy to execution, and use it to define and drive outcomes
- Demonstrate the project management skills needed to keep GRC projects planned and organized in order to pre-empt risks, blockers, etc.
- Provide technical and organizational expertise to maintain a strong audit management program
- Have experience in security awareness, vulnerability and risk management (including risk assessments) to proactively and effectively address upcoming needs
Considered a "nice to have" if you:
- Have experience across multiple compliance frameworks (NIST, ISO27001, etc.)
- Have experience interacting with engineers to determine appropriate security control implementation language
- Have demonstrated success assessing third-party risk, understanding data governance, and implementing controls
This role will be located in San Francisco or New York.
What’s your approach to remote work?
Watershed is hiring team members on all US and EU time zones, and we’re committed to growing a long-term distributed team. We have hub offices in San Francisco, New York and London, and remote team members from Oregon to New Jersey to Ireland. There may be certain jobs that need to be in San Francisco / New York / London or certain locations, and these will be specifically noted in the job description or in conversations.
What’s the interview process like?
It starts the same for every candidate: getting to know the team members through 1 to 2 conversations about Watershed, your experience, and your interests. Next steps can vary by role, but usual next steps are a skill or experience screen (e.g. a coding interview for an engineer, a portfolio review for a designer, a deeper experience call for other roles), which leads to a virtual or in-person interview panel after that if the screens go well. We prioritize transparency and lack of surprise throughout the process.