Information Security | GRC

What Ramp is looking for in applicants

Ramp is building the world's first finance automation platform designed to save businesses time and money. Ramp offers 5-in-1 software that consolidates corporate cards, expense management, bill payments, accounting, and reporting into one simple and free solution. More than 3,000 businesses are using Ramp to process billions in annualized transaction volume. Customers include some of the fastest growing startups and unicorns like Ro, DoNotPay, ClickUp, and Applied Intuition, as well as established businesses across the US such as Bristol Hospice, Walther Farms, Douglas Elliman, and Planned Parenthood.

Founded in 2019, Ramp is NYC's fastest growing startup, having achieved a unicorn valuation of $3.9 billion in just over 2 years. Ramp has raised $620 million in funding from investors including Founders Fund, Stripe, Goldman Sachs, Coatue Management, D1 Capital Partners, Redpoint Ventures and Thrive Capital, as well as over 100 angel investors who were founders or executives of leading companies. Ramp is part of the Forbes Fintech 50 and Fast Company's Best Workplaces for Innovators program.

About the Role

Join our growing security team and build upon our business-enabling GRC program at Ramp. This role will drive an effective ISMS, lead our efforts to obtain ISO 27001 certification, drive effective risk management processes at the company, and enable teams to be effective control owners.

What You’ll Do

  • Lead Ramp to achieve an ISO27001 Certification
  • Own the identification, implementation, and maintenance of administrative controls required by various security and compliance frameworks
  • Test implemented controls and perform risk assessments
  • Drive the closure of security gaps and control improvements with internal teams, and own the supporting documentation and evidence of compliance
  • Review and manage requests for policy exceptions, and manage escalations
  • Ensure that policies, procedures, and practices align with relevant laws, regulatory requirements, and organizational goals
  • Track and address security risks by ensuring they are treated according to the company risk tolerance
  • Build metrics that help educate internal organization leaders on our information security profile
  • Document and communicate our security practices to provide transparency to interested parties

What You Need

  • Minimum 4 years of experience overseeing SOC2, ISO27001, or similar audits
  • Minimum 4 years of experience defining and building business-enabling GRC programs in highly regulated industries (e.g., healthcare, finance)
  • Excellent understanding of risk and the ability to prioritize potential gaps and opportunities for improvement based on our business profile
  • ISO 27001 Lead Auditor / Implementer Certification
  • Ability to lead internal risk assessments, and develop and implement remediation and improvement plans
  • Ability to develop and report on KPIs, and identify opportunities for improvement
  • Experience evaluating the security risks of vendors and business partners
  • Experience performing periodic access reviews to critical systems

Nice to Haves

  • Security Certifications (CISSP, CISA, CCAK, CRISC, etc.)
  • Experience with PCI DSS as a previous ISA or QSA
  • Familiarity with GRC tool automation, monitoring, and maintenance

Ramp Benefits (for U.S. based employees)

  • 100% medical, dental & vision insurance coverage for you
    • Partially covered for your dependents
  • 401k (including employer match)
  • Parental Leave
  • Unlimited PTO
  • WFH stipend to support your home office needs
  • Monthly wellness stipend
  • Annual education reimbursement
  • Relocation support
