Benevity is the global leader in online workplace giving, matching, volunteering and community investment software. Many of the world’s most iconic brands rely on Spark, Benevity’s award-winning cloud solution, to power corporate “Goodness Programs” that attract, retain and engage today’s diverse workforce by connecting people to the social causes that matter to them.
Benevity is seeking an experienced Advisor to join our Governance & Controls team. The team provides guidance to groups throughout Benevity as well as our community of clients and charities in the areas of risk management, internal controls, and regulatory compliance. Your pragmatic approach to risk and compliance provides valuable real-world guidance to internal and external stakeholders. Your exceptional attention to detail and communication skills ensure that Benevity’s current and prospective clients understand our commitment to security and compliance. You will become an integral part of our amazing team, liaising with Product & Insights, Sales/Marketing and Web Operations.
What you will do:
- Participate in privacy, compliance and risk management initiatives including risk assessments, audits and any special projects as agreed upon with senior management.
- Create and maintain compliance documentation (e.g. policies, procedures, risk and controls matrix).
- Provide periodic reporting on the state of the control environment to internal and external stakeholders, including SSAE18 reporting, ISO 27001, PCI-DSS certification, business continuity and privacy.
- Analyze information systems and related controls to identify risk areas to be considered for internal audits or projects, increasing effectiveness and efficiency of operations.
- Review the compliance posture of potential and existing third-party suppliers.
- Assist new clients through the RFP process of security due diligence and security assessments.
What you bring:
- BA/BSc, and 3+ years of experience in information technology, information technology audit, public accounting, compliance or other relevant experience.
- Current, industry-recognized certifications (e.g. CISA, CISSP, CISM, GIAC).
- Familiarity with applicable frameworks, standards, and regulations.
- Facilitation skills with team members from various functional areas (e.g. risk assessment workshops).
- Excellent research skills relevant to current and emerging standards and regulations.