GRC Manager

CloudZero | Boston, MA | Hybrid

About The Position

CloudZero is growing rapidly, and the GRC Manager will be responsible for owning and scaling the company's governance, risk, and compliance programs. This role reports to the Sr. Director of IT & Security within the Office of the CTO and will collaborate with various departments including Legal, Engineering, Product, Sales, and G&A. The position is hybrid, requiring 2-3 days per week in the office. The GRC Manager will be instrumental in protecting CloudZero's interests, building customer trust, and enabling the business to move quickly by providing necessary compliance documentation and risk assessments.

Requirements

  • 5+ years of experience in governance, risk, and/or compliance roles, ideally within a SaaS or cloud technology company.
  • Proven experience building or significantly maturing a GRC program, with direct, hands-on involvement in SOC 2 or similar certification audits.
  • Working knowledge of established risk management frameworks such as COSO, ISO 31000, or NIST RMF.
  • Solid understanding of GDPR, CCPA, and how data privacy obligations translate into practical controls and policies.
  • Strong communicator who can make risk and compliance topics accessible and actionable for technical teams, business partners, and senior leadership.
  • Ability to drive initiatives from scoping through completion while keeping multiple workstreams moving in a fast-paced environment.
  • A business-enabling mindset — treating compliance as a competitive advantage.
  • Proven ability to partner cross-functionally across departments to drive compliance goals and outcomes.

Nice To Haves

  • Prior experience at a SaaS technology startup.
  • Hands-on technical experience with GCP, AWS, or Azure from a security and compliance lens.
  • Experience working with Vanta or Drata for continuous compliance monitoring and automation.
  • Experience with security questionnaire automation tools such as Loopio, Iris, or similar solutions.
  • Professional certifications such as CRISC, CISA, CISM, CISSP, or CIPP.
  • Familiarity with security frameworks including NIST CSF, CIS Controls, or OWASP.
  • Curiosity and enthusiasm for leveraging AI tools (such as Claude, Claude Code, or similar) to work smarter, automate repetitive tasks, and continuously find new ways to drive efficiency across the GRC function.

Responsibilities

  • Design and operate a comprehensive GRC framework spanning governance structures, enterprise risk management, and compliance programs.
  • Own audit and certification programs including SOC 2 and other relevant standards, coordinating across internal teams and third-party auditors.
  • Develop, maintain, and improve security and privacy policies and procedures.
  • Lead regular enterprise risk assessments and maintain a living risk register.
  • Serve as a key stakeholder in building CloudZero’s AI Governance & Strategic Risk strategy.
  • Take full ownership of business continuity and disaster recovery programs, including design, documentation, testing, and exercises.
  • Build and manage third-party risk management processes, including vendor due diligence, contract reviews, and ongoing monitoring.
  • Track regulatory developments alongside the Legal team to ensure compliance with GDPR, CCPA, and other applicable requirements.
  • Manage the company’s security awareness training program and run internal audits.
  • Own the security questionnaire and assessment process, focusing on building and scaling tooling and automation for efficient responses.
  • Review and redline security and data privacy language in customer and prospect contracts.
  • Build and maintain a library of pre-approved security responses, compliance artifacts, and contract language.
  • Actively identify and implement tooling to automate questionnaire responses and security review workflows.
  • Maintain and continuously improve CloudZero’s trust center.
  • Partner with Sales Engineering and Solutions teams to address security and compliance requirements early in the sales cycle.

About CloudZero

Cloud cost management is one of the biggest challenges organizations face today. As cloud adoption continues to accelerate, so do the complexities and costs associated with it, and macroeconomic conditions only increase pressure to prove cloud efficiency.

CloudZero is a SaaS platform at the intersection of next-generation cloud cost management and FinOps. We ingest billing and usage data from all cloud, SaaS, and PaaS providers, organize it in real time according to our customers’ business structures, and empower organizations to make more informed business decisions. Since our founding in 2016, our mission has been to make efficient innovation a reality for every cloud-driven organization. We believe every engineering decision is a buying decision, and we’re applying proven reliability engineering principles to financial efficiency. We believe the best AI empowers users with clear insights and confident decisions, transforming complex cloud cost data into actionable intelligence that drives meaningful business outcomes.

To date, we’ve raised over $56 million from leading venture capital firms. We’re solving problems of massive scale, business importance, and complexity in a space that needs it more than ever.

CloudZero is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.

All job offers are contingent upon the candidate passing background and reference checks. CloudZero is unable to sponsor employment visas; candidates must have permanent authorization to work in the United States without the need for current or future sponsorship.