Governance, Risk, and Compliance Manager

Decagon
San Francisco, CA
$190,000 - $275,000
Onsite

About The Position

Join Decagon as a Compliance Manager and play a critical role in securing customer trust as we scale to serve Fortune 500 and international enterprises. Working closely with the head of security and compliance, you'll be responsible for the day-to-day execution of our compliance program and customer security engagements. This is a high-impact role where you'll directly contribute to closing enterprise deals by efficiently managing security communications with customers, supporting compliance audits, and improving our security documentation. It is ideal for someone who thrives in a high-impact organization, has strong attention to detail and excellent writing skills, and wants to build expertise in enterprise AI compliance.

Requirements

  • 3-5 years of GRC experience in high-growth SaaS or technology companies, with direct responsibility for compliance programs
  • Proven track record successfully contributing to SOC 2, ISO 27001, or similar enterprise compliance certifications
  • Experience with data privacy regulations including CCPA and GDPR, and with emerging AI governance frameworks
  • Strong project management skills with ability to coordinate cross-functional teams under tight deadlines
  • Excellent written and verbal communication skills to translate complex security concepts for diverse audiences
  • Working knowledge of technical security controls and ability to collaborate effectively with engineering teams

Nice To Haves

  • Experience with AI/ML compliance frameworks and understanding of unique risks in conversational AI systems
  • Background in healthcare or financial services with knowledge of HIPAA or PCI requirements
  • Track record of building GRC programs at companies scaling from startup to enterprise
  • Experience with GRC platforms such as Vanta, Drata, or Secureframe to automate compliance workflows
  • Understanding of cloud security, particularly Google Cloud Platform compliance and security features

Responsibilities

  • Drive compliance certifications and regulatory attestations including SOC 2 Type II, ISO 27001, PCI DSS, HIPAA, and CCPA
  • Automate or execute compliance evidence collection, ensuring all controls are properly documented and audit-ready
  • Maintain and improve security documentation including policies, procedures, and customer-facing security collateral
  • Support customer security assessments by preparing materials for security reviews and helping address technical inquiries from Fortune 500 security teams
  • Manage security and compliance topics in RFPs end-to-end, coordinating responses across engineering, product, and legal teams to deliver accurate, timely responses to enterprise customers
  • Coordinate with contractors and vendors to maintain response quality and meet timelines during peak sales periods
  • Build and optimize repeatable processes to scale our GRC operations to hundreds of enterprise customers
  • Partner with sales engineering to understand customer security requirements and proactively prepare responses for common concerns
  • Partner with Sales and Customer Success to accelerate deal velocity by proactively addressing customer security concerns with published content
  • Collaborate with Security, Engineering, and Product teams to translate compliance requirements into actionable technical controls and ensure new features meet regulatory standards
  • Establish vendor risk management programs to assess and monitor third-party security risks across our supply chain

Benefits

  • Medical, dental, and vision benefits
  • Take-what-you-need vacation policy
  • Daily lunches, dinners and snacks in the office to keep you at your best
  • Equity
© 2024 Teal Labs, Inc