Manager Information Security (GRC and Data Protection)

vFairs


Date: 14 hours ago
City: Remote
Contract type: Full time
vFairs is an all-in-one event management software that helps organizations of all sizes host memorable virtual, hybrid, and in-person events. We’re on a mission to help organizations influence, inspire & delight audiences they care about without limits of space & time. Rated #1 by our customers on review sites such as G2, Capterra, and SourceForge, we empower companies to host engaging & high-impact events using our best-in-class tech, combined with unbeatable customer support.

About The Role

We are seeking an experienced Manager, Information Security GRC and Data Protection to lead our efforts in ensuring that our products, processes, and organization adhere to legal, regulatory, and ethical standards.

In this role, you will oversee compliance across security, privacy, legal, and data protection, while fostering a culture of transparency and accountability. This position is ideal for someone passionate about information security and data protection compliance in a tech-centric, SaaS environment.

Responsibilities

  • Support and oversee the Information Security Governance, Risk, Compliance, and Privacy operations at vFairs LLC, ensuring alignment with the organization’s strategic objectives and regulatory requirements.
  • Contribute to the establishment and management of a formal Information Security GRC and Privacy Program, and support the creation of a roadmap that aligns with industry standards and compliance needs.
  • Assist in maintaining and executing the organization’s data privacy initiatives, ensuring compliance with relevant regulations (e.g., GDPR, CCPA) across operations.
  • Work with process and control owners to design and implement information security controls, including the development of policies, procedures, and related documentation.
  • Assist in strengthening the organization’s risk management processes by working closely with stakeholders, clients, partners, service providers, and vendors to ensure compliance and security posture.
  • Partner with Legal, HR, and other departments to support an effective privacy program, helping to sustain organizational compliance and ethical standards.
  • Oversee the Third-Party Risk Management program to ensure external partners and vendors meet vFairs’ security and compliance requirements.
  • Lead risk assessments and support efforts to achieve key certifications and attestations, such as ISO 27001, AICPA SOC 2 Type 2, and others.
  • Assist in managing a security awareness training program, contributing to building a strong security culture within the organization.
  • Collaborate with sales and customer success teams to address security, compliance, and legal concerns, ensuring client satisfaction while maintaining compliance.
  • Provide support in RFP processes related to security and IT aspects, ensuring vFairs can win key contracts by demonstrating its strong compliance and security posture.
  • Ensure that all vFairs customers sign Data Processing Agreements (DPAs) as required, proactively managing these agreements and keeping clients informed of any security updates and SLA compliance.

Requirements

  • Minimum 5 years of proven experience in areas of Information Security Governance, Risk Management, Compliance and Privacy.
  • In-depth knowledge of the tech industry’s standards and regulations (experience with SaaS products is a big plus)
  • Experience in the implementation of regulatory and compliance frameworks (SOC2, ISO2700x, ITIL, COBIT)
  • Familiarity with Cloud Infrastructure technologies.
  • Understanding of global data protection laws, standards, and associated frameworks (e.g., GDPR, CCPA)
  • Excellent knowledge of reporting procedures and record keeping
  • Business acumen paired with a dedication to legality
  • An analytical mind able to “see” the complexities of procedures and regulations
  • BSc/BA in information technology, cybersecurity, project management or related field.
  • Certifications such as CISSP, CISM, Security+, CIPM, CIPP/E, PMP are desirable.
