Director, GRC & IT

About Aurora Solar

Aurora is on a mission to create a future of solar for all. Our award-winning software puts the power of data and technology into the hands of every solar professional to make solar adoption simple and predictable. Our software has designed millions of solar projects so far, empowering solar companies to sell, design, and install residential and commercial solar arrays accurately, seamlessly, and at scale. 

We are a remote-first collaborative team of sustainable energy enthusiasts who love what we do. We’ve been named one of "The Best Mid-Sized Remote Companies To Work for in 2024" by BuiltIn.com and have been recognized for the second time as a Certified Green Business (CGB) with the city of San Francisco. We’re in this together to support the world’s transition to solar.

About the Team

Security at Aurora is a shared responsibility. Everyone at our company is expected to act as stewards of our company information, data, and assets. This role will work directly with our cross-functional security group which includes team members from Engineering Operations, IT, Corporate Operations, and Legal and works closely with our security partner and leaders across the company at Aurora Solar to continuously strengthen, improve, and verify our security posture. This role will oversee our IT team, which is a four-person team led by our senior IT manager and is responsible for managing/expanding our IT systems that power all Aurorans in their day-to-day tasks.  

About the Role

We’re searching for a senior leader to lead our Security and Compliance programs, and oversee our IT team. Reporting to the Senior Director of Engineering, the Director GRC & IT  will have an immediate impact on the company by advancing our existing security and compliance programs and guiding our IT team. The ideal candidate will have demonstrable experience in IT, security and compliance in a growth stage B2B SaaS environment.

Your Impact

The Director GRC & IT  will be  responsible for leading Aurora’s global information security, data protection, and compliance programs. This role involves ensuring compliance with GDPR, SOC 2, and other relevant regulations and standards. The individual will manage risk, oversee security operations, develop and implement security policies, and ensure that all business processes meet industry standard security,  legal and regulatory requirements.

• Develop and implement a comprehensive security and compliance strategy that aligns with Aurora’s business goals. Stay current with industry trends, threats, and technology solutions to proactively manage security risks.

• Drive all compliance initiatives including GDPR, CCPA, SOC2, ISO27001 etc. in close partnership with all departments through all phases of development, planning, execution, and maintenance

• Be the public face of Aurora’s posture on security and compliance to our customers and prospects. Take ownership of driving confidence in our security posture through conversations and security questionnaire responses to unblock revenue opportunities across a global customer base

• Develop and maintain an incident response plan. Lead the response to security incidents, ensuring timely resolution and communication. Conduct post-incident reviews and root cause analyses to prevent recurrence

• Be the thought leader and driver for Aurora Solar’s long-term security and compliance strategy and posture – corporate, cloud, and application

  • Foster a culture of “security in everything we do” across all levels of the organization
  • Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for program improvements
  • Develop and deliver security and compliance training programs for employees at all levels
  • Lead the development and implementation of effective policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation
  • Develop and implement policies and frameworks governing the use of AI within the organization. Monitor and assess AI-related risks and ensure appropriate controls are in place
  • Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for our applications, infrastructure and products
  • Work closely with business and technical leaders on a wide variety of security issues that require an in-depth understanding of infrastructure, cloud based applications and architecture
  • Examine impacts of new technologies on the organization's overall information security

• Work with Aurora’s legal department to ensure that corporate governance practices meet regulatory and legal requirements

• Oversee our IT team and initiatives

What You Bring

• 7+ years of experience leading IT, security, and compliance operations at a growth stage SaaS company
• Strong interpersonal and communication skills with the ability to influence at all levels of the organization
• A successful track record of leading the planning, execution and maintenance phases of complex security and compliance programs such as SOC2. Expertise in designing and implementing corporate and customer security policies
• Exercising sound judgment and common sense when it comes to security and compliance posture to strike the right balance between the spirit and the letter of the compliance framework/law
• Up-to-date knowledge of relevant regulatory frameworks, applicable laws and regulations
• Strong incident response skills, with the ability to lead investigations, coordinate with stakeholders, and implement corrective actions
• Strong project management skills with the ability to handle multiple projects simultaneously and meet deadlines
• Proven experience in managing security operations across multiple regions or countries, understanding global security landscapes and compliance requirements

Nice to Haves

• CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), or equivalent security certifications are not necessary but highly desirable.
• Experience with Vanta or other GRC tooling
• Understanding of Agile development methodologies
• Experience in a fast growth startup environment

What We Offer

• 🏖️Flexible PTO - Take the time when you need it
• 🍼Parental Leave - 16 weeks with 100% base salary + gradual return to work
• 💰WFH Stipend - An initial $675 CAD(Non-engineers) or $1000 CAD (Engineering roles)
• 🏢 Coworking Stipend - $400 CAD / month if you prefer to be at a coworking facility near you
• ☀️Energize Fridays - Company-wide days to log off and recharge
• 📶Connectivity Stipend - Up to $100 CAD / month towards internet or phone
• 🩺Medical, Dental, and Vision - Aurora will cover 100% of premiums for employee-only and dependent coverage of our supplemental medical, dental, and vision plans
• Please take a look at our 2024 Canadian Benefits Booklet for a deeper dive into our offerings

Where Aurorans are: Aurora currently has teams within the US, Canada, Mexico, and Germany with additional locations on the horizon. We’re united in our work to support the world’s transition to solar!

Aurora is dedicated to building a diverse and inclusive workforce of people who believe in and are passionate about creating a future of solar energy for all. We are an equal opportunity employer, we welcome and consider qualified applicants regardless of gender identity, sexual orientation, race, religion, age, national origin, citizenship, pregnancy status, veteran status, or any other differences. We encourage you to apply even if you believe that you do not meet all of the above criteria!

Aurora is committed to creating an inclusive and accessible experience for all candidates. If you require a reasonable accommodation that would better enable your success during the application or interview process, please complete this form.

For San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider qualified applicants with arrest and conviction records for employment.