Founded in 2017, dutchie is an all-in-one technology platform powering dispensary operations, while providing consumers with safe and easy access to cannabis. Dutchie aims to further support the positive societal change the cannabis space brings to the world through health and wellness benefits, social justice, and by empowering local communities through tax revenue. Powering thousands of dispensaries across 35+ markets throughout the United States and Canada, dutchie is the leading technology company in the cannabis space and was named to Fast Company’s 10 most innovative companies in North America and LinkedIn’s Top 50 Startups.
Dutchie has raised $253M in funding to date, backed by Tiger Global, Dragoneer, DFJ Growth, Thrive Capital, Howard Schultz, Snoop Dogg’s Casa Verde Capital, Gron Ventures, members of the founding team at DoorDash, Kevin Durant’s Thirty Five Ventures, and other notable angel investors.
About the Role
Dutchie is seeking a Senior Manager of Governance, Risk, and Compliance (GRC). This role will lead efforts for SOC2, HIPAA, PCI, and future compliance frameworks, and will also establish a 3rd party risk assessment framework and an ongoing risk assessment program. This is a highly visible role that will work cross-functionally with legal, engineering, product, operations, HR, and other departments to translate controls and policies into scalable frameworks and outcomes.
What You’ll Do…
- Own and lead dutchie’s GRC program and team
- Establish and maintain processes and procedures that support audit and compliance management and that integrate without disrupting a fast-moving environment
- Build and maintain a GRC roadmap that takes into account future business plans and regulatory requirements
- Build and maintain a 3rd party risk-assessment program and audits
- Evangelize GRC programs and processes across dutchie
What You Bring…
- Bachelor’s degree in Information Systems, Cybersecurity, or a related field or equivalent experience
- Experience documenting and implementing security policies, standards, and/or controls.
- Prior experience owning a GRC program.
- Experience with PCI, SOC2, HIPAA, ISO 27001, SOX and GDPR
- Familiar with 3rd Party risk assessment and related tools
- Comfortable with interfacing with other internal or external organizations regarding security policy and standards violations, security controls failure, and incident situations.
- Strong experience developing methods and procedures for risk analysis and mitigation to include Vulnerability Management (VM).
- IT Audit, internal Audit and/or risk advisory experience is a plus.
- Comfortable working with ambiguity is a must.
- Competitive Salary
- Full Benefits - Medical, Dental, and Vision Insurance
- Flexible vacation and sick days
- Technology (hardware, software, reading materials, etc.) allowance
At dutchie, we’re committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Dutchie believes that diversity and inclusion among our teammates is critical to our success, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.