Director, GRC & IT

at  Aurora Solar

ABOUT AURORA SOLAR

Aurora is on a mission to create a future of solar for all. Our award-winning software puts the power of data and technology into the hands of every solar professional to make solar adoption simple and predictable. Our software has designed millions of solar projects so far, empowering solar companies to sell, design, and install residential and commercial solar arrays accurately, seamlessly, and at scale.
We are a remote-first collaborative team of sustainable energy enthusiasts who love what we do. We’ve been named one of “The Best Mid-Sized Remote Companies To Work for in 2024” by BuiltIn.com and have been recognized for the second time as a Certified Green Business (CGB) with the city of San Francisco. We’re in this together to support the world’s transition to solar.

ABOUT THE ROLE

We’re searching for a senior leader to lead our Security and Compliance programs, and oversee our IT team. Reporting to the Senior Director of Engineering, the Director GRC & IT will have an immediate impact on the company by advancing our existing security and compliance programs and guiding our IT team. The ideal candidate will have demonstrable experience in IT, security and compliance in a growth stage B2B SaaS environment.

The Director GRC & IT will be responsible for leading Aurora’s global information security, data protection, and compliance programs. This role involves ensuring compliance with GDPR, SOC 2, and other relevant regulations and standards. The individual will manage risk, oversee security operations, develop and implement security policies, and ensure that all business processes meet industry standard security, legal and regulatory requirements.

• Develop and implement a comprehensive security and compliance strategy that aligns with Aurora’s business goals. Stay current with industry trends, threats, and technology solutions to proactively manage security risks.
• Drive all compliance initiatives including GDPR, CCPA, SOC2, ISO27001 etc. in close partnership with all departments through all phases of development, planning, execution, and maintenance
• Be the public face of Aurora’s posture on security and compliance to our customers and prospects. Take ownership of driving confidence in our security posture through conversations and security questionnaire responses to unblock revenue opportunities across a global customer base
• Develop and maintain an incident response plan. Lead the response to security incidents, ensuring timely resolution and communication. Conduct post-incident reviews and root cause analyses to prevent recurrence
• Be the thought leader and driver for Aurora Solar’s long-term security and compliance strategy and posture – corporate, cloud, and application
• Foster a culture of “security in everything we do” across all levels of the organization
• Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for program improvements
• Develop and deliver security and compliance training programs for employees at all levels
• Lead the development and implementation of effective policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation
• Develop and implement policies and frameworks governing the use of AI within the organization. Monitor and assess AI-related risks and ensure appropriate controls are in place
• Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for our applications, infrastructure and products
• Work closely with business and technical leaders on a wide variety of security issues that require an in-depth understanding of infrastructure, cloud based applications and architecture
• Examine impacts of new technologies on the organization’s overall information security
• Work with Aurora’s legal department to ensure that corporate governance practices meet regulatory and legal requirements
• Oversee our IT team and initiative