Squarespace is a SaaS-based Content Management System offering a website builder, blogging platform and hosting service.

Job Description

Our GRC team is seeking creative, diligent, technical, and talented IT compliance and security risk professionals with a background in SOX IT controls implementation, regulatory controls requirements, process improvement, and security risk analysis.


* Evaluate and maintain ITGC policies, procedures, and controls for Squarespace systems (internally developed and third-party).
* Actively work with stakeholders across the business (Finance, Accounting, Internal Controls, Engineering, etc.) to track remediation of ITGC and security control gaps.
* Conduct self-assessments/audits to confirm Squarespace's adherence to internal policies, compliance objectives, and industry best practices.
* Help support external audits of our SOX and PCI control environments.
* Perform detailed ITGC testing for in-scope SOX systems. Clearly document and communicate findings to the GRC team and, where necessary, process owners.
* Assist with security and enterprise risk assessments across the organization.
* Partner with Security Engineering to formally document security policies (outside the scope of ITGC policies) and procedures.
* Conduct vendor security risk assessments for any third-party SaaS software solutions being considered for use by the company. Based on the assessment, provide feedback to the key stakeholders and a recommendation to move forward or disengage.
* Grow and establish the GRC function at Squarespace through strong collaboration with Engineering teams and cross-functional partnerships with Finance, Accounting, Legal, CustOps, Product, and Strategy.
* Actively track project status and proactively communicate roadblocks with proposed solutions.


* 2+ years relevant experience in an IT audit/compliance/risk management role
* Experience with IT controls implementation in the context of SOX and SOC 2/3
* Experience working in a full Linux environment, Git, and CI/CD
* Self-motivated and eager to learn from more seasoned GRC and Security Engineering professionals
* PCI controls implementation & SAQ experience is a plus
* Experience identifying, tracking, reporting and remediating IT procedural and technical risk
* Working knowledge of web-based technologies and cloud environments is a plus
* Big-4 experience is preferred
* CISA certification (or at a minimum, successful completion of the CISA examination) is strongly preferred

About Squarespace

1217 employees

225 Varick St 12TH FLOOR
