GRC Manager

Mattermost
$139,254 - $168,318
Remote

About The Position

Mattermost is seeking a GRC Manager to lead and modernize its governance, risk, and compliance program for both federal and commercial markets. This role involves a modern, engineering-led approach to compliance, utilizing GRC engineering and AI to reduce manual effort and scale programs. The GRC Manager will be responsible for the end-to-end compliance posture, including federal readiness and commercial certifications, aiming for automated, continuously monitored, and AI-native processes. The position requires hands-on compliance work, coordination with internal stakeholders (engineering, infrastructure, IT), external auditors, and customers. As the program grows, the role will involve building and leading a team.

Requirements

  • Bachelor's degree in computer science, information security, or related field — or significant professional GRC and compliance experience
  • Proven senior-level experience in governance, risk, and compliance, security compliance, or IT audit, including direct ownership of a certification or authorization program
  • Experience with U.S. Federal standards including CMMC and NIST series (800-171 / 800-53)
  • Experience with ISO 27001 and SOC 2 Type II
  • Experience operating a formal risk management program
  • Experience running a third-party and vendor risk management program
  • Experience owning customer-facing security assurance, including security questionnaires and trust center content
  • Working knowledge of security controls for cloud environments (AWS, GCP, and/or Azure)
  • Excellent written and verbal communication skills
  • U.S. citizenship
  • Located in the United States and eligible to obtain and maintain a U.S. government security clearance
  • Meet eligibility requirements for access to export-controlled information as defined by U.S. export control laws, including EAR and ITAR

Nice To Haves

  • Professional GRC certifications such as CISA, CRISC, CISM, CISSP, or CIPP
  • Experience working with AI platforms such as Claude, OpenAI, or Gemini
  • Experience with compliance automation tooling such as Vanta or Drata, and continuous controls monitoring
  • Direct experience applying AI or LLM-based workflows to GRC tasks
  • Proficiency in no-code automation or scripting languages
  • Past success in critical infrastructure industries including defense, cybersecurity, communications, or manufacturing

Responsibilities

  • Own and modernize Mattermost's compliance programs across federal and commercial markets
  • Lead readiness, certification, and surveillance cycles across both programs
  • Operate the risk management program end to end — from identification and assessment through treatment and acceptance
  • Own the third-party and vendor risk management program, including security assessments and supply chain risk
  • Apply GRC engineering and automation to replace manual evidence collection with continuous controls monitoring
  • Build AI-native workflows to accelerate and improve the quality of recurring compliance work
  • Maintain the control library, system security plans, POA&Ms, and policies
  • Coordinate external audits from scoping through remediation
  • Accelerate deal cycles by owning customer security questionnaires, trust center content, and reusable compliance artifacts
  • Grow and lead the GRC team as the program scales

Benefits

  • Mission-driven work
  • Remote-first culture
  • Open source at the core
  • AI-forward environment
  • Unique scope
© 2026 Teal Labs, Inc