GRC Lead

Upwind SecuritySan Francisco, CA
132d
Match Resume

About The Position

Upwind is a next-generation Cloud Security Platform that leverages runtime context to identify and prioritize critical risks, providing precise insights and efficient cloud security management. Unlike traditional tools, Upwind uses runtime data proactively for risk prioritization and posture insights, ensuring teams focus on what truly matters. With industry-leading efficiency and eBPF-powered sensors, Upwind delivers comprehensive capabilities, including agentless cloud posture discovery, real-time threat protection, and integrated API security. From misconfigurations to malware defense, Upwind ensures end-to-end, cost-effective cloud infrastructure protection. At Upwind, you’ll have the opportunity to think creatively, explore new ideas, and use your skills to make a meaningful impact on our growth. Upwind Security is seeking a motivated and customer-focused GRC Lead to support our rapidly growing team. As the first point of contact for GRC-related issues, you will play a critical role in ensuring smooth operations across the organization. This role requires strong technical skills, a service-oriented attitude, and the ability to support a global team. As the GRC Lead, you will drive our security governance initiatives, lead compliance efforts, manage risk, and ensure we meet the expectations of customers, auditors, and regulators.

Requirements

  • 8+ years of experience in GRC, InfoSec, or risk & compliance functions
  • Strong understanding of industry standards and frameworks (e.g., SOC 2, ISO 27001, PCI, NIST, GDPR, CIS)
  • Experience leading compliance projects and audits end-to-end
  • Hands-on experience with GRC tooling and risk management workflows
  • Ability to write and communicate security policies, reports, and training in clear, accessible language
  • Strong project management skills and stakeholder engagement ability
  • Prior experience in a fast-paced startup or SaaS environment - a plus
  • Relevant certifications: CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor - a plus

Nice To Haves

  • Prior experience in a fast-paced startup or SaaS environment
  • Relevant certifications: CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor

Responsibilities

  • Develop, maintain, and socialize security policies, standards, and procedures aligned with ISO 27001, SOC 2, GDPR, FedRamp and other frameworks.
  • Lead the enterprise, product, and vendor risk management programs—including risk assessments, mitigation plans, and risk registers.
  • Own and drive security compliance initiatives such as SOC 2 Type II, ISO 27001, and customer audits.
  • Build and operate a third-party security review program; work with Procurement and Legal on vendor onboarding and offboarding.
  • Prepare evidence, manage internal and external audits, and continuously improve audit readiness posture.
  • Run the company-wide security awareness and training programs.
  • Develop KPIs and reporting dashboards to track control effectiveness and risk posture for leadership and board-level communication.
  • Partner with Legal, Engineering, Product, and IT to ensure compliance is embedded across business processes.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Number of Employees

101-250 employees

Job Search Resources

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service