GRC Manager

Uplight

About The Position

Uplight is creating a new category of energy. We make software that manages energy resources in homes and businesses—including things like smart thermostats, electric vehicles, solar panels, storage batteries, heat pumps, and even people’s behavior—to generate, shift, or save energy to balance the grid, making it more efficient and reliable. This creates clean energy capacity that can be used by the power grid instead of burning more fossil fuels. Our solutions accelerate the transition to clean energy and save money for energy customers. We are looking for a GRC Manager to drive our company forward, and help us lead the clean energy revolution!

How you will make an impact

The GRC Manager translates strategic direction into actionable workflows, coordinates cross-functional teams, supports evidence lifecycle management, maps frameworks to controls to implementation, leads readiness activities, and ensures all GRC processes operate smoothly and efficiently. This role requires strong coordination, documentation, audit, and control-testing capabilities, paired with working technical fluency to understand control implications without performing system administration.

  • Leadership: Lead the GRC program and a team of security professionals.
  • Governance: Develop, document, and implement internal policies and procedures to ensure compliance with industry standards and legal requirements. Map requirements to controls and manage the company’s execution of the controls.
  • Risk Management: Conduct regular enterprise-wide risk assessments, maintain a risk register, and develop mitigation strategies for identified threats. Co-lead Risk Management committees.
  • Compliance: Lead audits and manage compliance efforts for frameworks such as SOC 2, ISO 27001, PCI-DSS, NERC-CIP, and privacy principles. Manage CAPAs for non-compliance.
  • Third-Party Risk: Manage vendor risk management processes, including vendor assessments and contract reviews.
  • Sales-cycle Support: Manage security and privacy responses to client questions and questionnaires, including RFPs, RFIs, annual risk reviews, and ad-hoc communication requests.
  • Business Continuity: Manage and update business continuity and disaster recovery documentation, including BIAs, plan revisions, team rosters, and dependencies. Plan, coordinate, and document annual exercises, such as tests, tabletops, and other exercises.
  • Awareness & Training: Oversee rollout of cybersecurity and privacy awareness campaigns and required annual training and policy attestations. Monitor participation, ensure compliance, and support content preparation aligned with company and regulatory requirements.
  • Metrics: Build and manage a security and privacy metrics program.
  • Technology & Reporting: Select and manage GRC software tools to automate processes, monitor controls, and provide reports to executives.
  • Collaboration: Collaborate with IT, Security, Legal, and People teams to drive risk-informed decision-making and build a culture of compliance.

We hire on value alignment first. The ideal candidate is someone who has a demonstrated passion for security and for leaving the world better than they found it. If you feel you’d be a good fit with us, consider applying.

Requirements

  • Previous experience in GRC, risk management, or internal audit, often with a mid-level leadership background.
  • Proficiency in frameworks like SOC2, NIST CSF, ISO 27001, and NERC-CIP.
  • Strong ability to analyze risk data and translate complex regulations into actionable controls.
  • Excellent communication skills to interact with stakeholders and lead team efforts.
  • Experience with third-party/vendor risk management processes.
  • Experience working with sales teams to complete Requests for Proposals and security questionnaires.
  • Understanding of GRC processes such as policy management, risk assessment, and IT audits.
  • Exposure to public cloud and cloud security concepts in environments like AWS, Azure, or GCP.
  • Exceptional verbal and written communication skills.

Nice To Haves

  • GRC or privacy certifications (e.g., CISA, CIPP).

Responsibilities

  • Lead the GRC program and a team of security professionals.
  • Develop, document, and implement internal policies and procedures to ensure compliance with industry standards and legal requirements.
  • Map requirements to controls and manage the company’s execution of the controls.
  • Conduct regular enterprise-wide risk assessments, maintain a risk register, and develop mitigation strategies for identified threats.
  • Co-lead Risk Management committees.
  • Lead audits and manage compliance efforts for frameworks such as SOC 2, ISO 27001, PCI-DSS, NERC-CIP, and privacy principles.
  • Manage CAPAs for non-compliance.
  • Manage vendor risk management processes, including vendor assessments and contract reviews.
  • Manage security and privacy responses to client questions and questionnaires, including RFPs, RFIs, annual risk reviews, and ad-hoc communication requests.
  • Manage and update business continuity and disaster recovery documentation, including BIAs, plan revisions, team rosters, and dependencies.
  • Plan, coordinate, and document annual exercises, such as tests, tabletops, and other exercises.
  • Oversee rollout of cybersecurity and privacy awareness campaigns and required annual training and policy attestations.
  • Monitor participation, ensure compliance, and support content preparation aligned with company and regulatory requirements.
  • Build and manage a security and privacy metrics program.
  • Select and manage GRC software tools to automate processes, monitor controls, and provide reports to executives.
  • Collaborate with IT, Security, Legal, and People teams to drive risk-informed decision-making and build a culture of compliance.

Benefits

  • We offer ample advancement opportunities, robust learning and development programs, and a supportive team environment that fosters collaboration and innovation.
  • We offer comprehensive benefits, including flexible time off, generous parental leave, a wellness stipend, and work flexibility to help you thrive both personally and professionally.

What This Job Offers

Job Type

Full-time

Career Level

Manager

Education Level

No Education Listed

Number of Employees

101-250 employees