Cybersecurity GRC Manager

Founded in 2014, ButterflyMX is on a mission to empower people to open and manage doors & gates from a smartphone. Our products are installed in more than 10,000+ multifamily, commercial, gated communities, and student-housing properties worldwide, including properties developed, owned, and managed by the most trusted names in real estate.

Our features are designed for developers, owners, property managers, and tenants. And our products lower operating costs and improve tenant satisfaction. Developers and owners no longer need to run building wiring or install in-unit hardware. Property managers can grant building access, revoke permissions, and review entry logs from an online dashboard. Residents can open doors from their smartphones, issue visitor access, and see who is trying to enter the building.

Fantastic people are the key to our success. As a distributed, primarily remote workforce, we’re looking for more intelligent, passionate, collaborative, and down-to-earth individuals to join our growing team. Our culture is transparent and flexible; our benefits range from a 401(k) match to quarterly stipends for self-care. While we work incredibly hard to improve the experience of everyone who lives, works, and visits our communities, we always have time for a good laugh. 

At ButterflyMX, we are committed to maintaining the highest standards of governance, risk management, and compliance as we drive innovation in Property Tech. We are seeking an experienced and proactive GRC Manager to ensure that our organization and its operations align with industry best practices and regulatory requirements.

The Compliance Manager will facilitate the development, implementation, and management of our Governance, Risk, and Compliance (GRC) programs. Responsibilities will include ensuring adherence to SOC 2, ISO 27001, GDPR, and CCPA standards by managing daily compliance operations, conducting comprehensive analyses, assessments, and audits. This role will work closely with various departments to identify, evaluate, and mitigate risks, ensuring that our company’s policies and procedures align with regulatory requirements and support our overall business objectives. The Compliance Managerwill be tasked with developing and managing an internal audit program, overseeing daily risk management activities, and ensuring the security of vendors and third-party partners. 

Responsibilities:

• Compliance Management: Oversee compliance programs to ensure adherence to relevant laws, regulations, and industry standards. Manage internal and external audits, and ensure findings are addressed.
• Risk Management: Identify, assess, and prioritize risks to the organization, and implement risk mitigation strategies across all business units. Key responsibility will be proactively managing the ButterflyMX Risk Register.
• Governance: Develop and maintain governance frameworks that support business objectives while ensuring compliance with internal policies and external regulations.
• Policy Development: Create, update, and enforce policies and procedures related to governance, risk, and compliance to maintain a robust control environment.
• Training and Awareness: Develop and deliver training programs to educate employees on GRC principles, policies, and best practices.
• Incident Management: Lead the response to compliance-related incidents, including investigations, remediation, and reporting.
• Reporting: Prepare regular reports for senior management and the board on the status of GRC initiatives, risk assessments, and compliance audits.
• Collaboration: Work closely with legal, finance, IT, and other departments to integrate GRC practices into all aspects of the business.
• Continuous Improvement: Continuously monitor and improve the GRC framework to adapt to changes in the business environment, regulations, and emerging risks.
• Customer & Prospect Questionnaires: Respond to security questionnaires from existing customers and prospects.

• 5+ years of experience in governance, risk management, and compliance roles in a startup company using Cloud Technologies
• Must have successful completion of a SOC2 Type 2 audit for a startup company providing SaaS on AWS, Mobile &/or IoT solutions
• Strong knowledge of regulatory requirements and industry standards (e.g., SOC2, ISO 27001, SOX, GDPR).
• Experienced managing GRC with a modern tech stack including AWS, Google Workspace, Github, JIRA, Windows, Linux, Kubernetes, Terraform..
• Proven experience in developing and implementing GRC frameworks and programs.
• Analytical mindset with the ability to assess and prioritize risks.
• Excellent communication skills, with the ability to influence and educate stakeholders at all levels of the organization.
• Proactive and strategic thinker with strong problem-solving skills.
• Certifications: Relevant certifications such as CISSP, CISA, CISM
• Experience with GRC tools and platforms such as Drata, Vanta or something similar
• Experience Managing Third Party Risk
• Nice to have: Implementation of Cyber Risk Quantification Program

• Comprehensive Medical (ButterflyMX covers 90% of the cost) starting day 1
• Dental and Vision plans (ButterflyMX covers 100% of the cost) starting day 1
• 401(k) plan with a match
• 13 paid holidays and 25 days of PTO
• Paid Family Leave
• Employee Assistance Program
• Quarterly self-care stipends
• HealthAdvocacy Program
• Access to optional benefits, including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Disability, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance
• Collaborative, dynamic work environment filled with kind, intelligent people who are working hard on an industry-defining product

EEO STATEMENT

ButterflyMX is an equal-opportunity employer, and we value diversity at our company. We strive to create an accessible and inclusive experience for all candidates and employees. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. You must have the authorization to work in the US to become an employee. Please let our recruiting team know if you need reasonable accommodation during the application or the recruiting process.