GRC Manager

Zenity
New York, NY

About The Position

We are looking for a senior, hands-on Governance, Risk, and Compliance (GRC) Manager to lead and mature Zenity’s security governance program. You will own the strategy, design, and execution of our compliance, risk, and policy frameworks, while building automated, scalable processes that enable continuous compliance across ISO 27001, ISO 27701, SOC 2, and GDPR. This role requires someone who can operate with broad organizational influence, drive cross-functional alignment, and build long-term foundations—while also executing the day-to-day work required to keep Zenity compliant, audit-ready, and secure in a fast-moving environment.

Requirements

  • 5–8+ years in GRC, security compliance, or risk management, ideally in SaaS.
  • Hands-on experience with ISO, SOC 2, GDPR, and audit processes.
  • Familiarity with GRC platforms (e.g., Vanta, Drata, Hyperproof).
  • At least one to three years of experience managing small teams.
  • Strong understanding of security controls, risk methodologies, and compliance operations.
  • Excellent communication and cross-functional leadership skills.
  • Ability to work strategically and hands-on in a fast-paced environment.
  • Experience with vendor security reviews and vulnerability/risk management programs.
  • Experience briefing the executive board on the risk management program and goals.

Responsibilities

  • Lead Zenity’s end-to-end GRC program, from strategy to day-to-day operations.
  • Manage continuous compliance for ISO 27001/27701, SOC 2, GDPR, ensuring strong controls and audit readiness.
  • Build and automate GRC workflows using tools like Vanta, Drata, Hyperproof, etc.
  • Create dashboards, alerts, and reporting for real-time visibility into compliance and risk posture.
  • Own and maintain corporate security policies and the full policy lifecycle.
  • Oversee enterprise risk management: risk register, scoring, review cadence, and mitigation.
  • Lead IT GRC and vulnerability management meetings with clear follow-through and accountability.
  • Support vendor security reviews and procurement due diligence.
  • Manage GRC intake workflows (risk requests, vendor reviews, compliance tickets).
  • Partner with auditors and internal stakeholders to ensure smooth, successful audits.
  • Identify control/process gaps and drive remediation with an automation-first mindset.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

101-250 employees
