Security GRC Program Manager
About The Position
We’re a startup with big ambitions: to make estate planning modern, visual, and intelligent. Vanilla is the first AI-powered estate advisory platform, built by advisors, planners, and attorneys to transform how wealth is transferred across generations. Our technology unifies scenario modeling, client visualization, and document creation into one seamless, digital experience. Our team brings together diverse subject matter expertise across estate planning, wealth management, and scaling SaaS startups. We’re distributed across the U.S., with a mix of fully remote and hybrid roles, and we embrace flexibility while staying closely connected. At Vanilla, you’ll join curious builders and problem-solvers who thrive on speed, autonomy, and impact. Here, you won’t just join a company, you’ll help create it. If you’re excited to tackle hard problems, move quickly, and see your work shape both an industry and a growing startup, we’d love to meet you. We're looking for a Security GRC Program Manager to own our customer trust, security compliance, and assurance programs. As our first hire in this role, you'll build the operational backbone that lets us ship reliably while maintaining the trust of customers who depend on us with their most sensitive financial and estate planning data. You’ll own our customer trust program, assist with coordination of our SOC 2 program and audits, coordinate customer security diligence responses, and enable our enterprise sales motion through customer-facing security conversations and documentation. You’ll run point on customer DDQ and RFP responses, establishing scalable processes that enable fast, accurate, and consistent turnarounds. This means spending your time running SOC 2 audit cycles, building and scaling trust and compliance processes, responding to customer security questionnaires, and translating between engineering teams, auditors, customers, and leadership. You’ll work closely with the CTO, Chief Legal Officer, Security Engineer, and Revenue teams to make compliance and customer trust strategic advantages rather than overhead. This role is ideal for someone who thrives at the intersection of technical program management and security compliance, enjoys building foundational programs, and wants high-impact visibility at a Series B company where customer trust is a competitive differentiator.
Requirements
- Minimum of 5 years in a technical and/or security role with customer facing experience
- Minimum of 3 years experience in program management, customer trust, or DDQ/RFP management within the tech industry with highly regulated customers
- Proven track record in driving security processes and operational plans
- Requires strong attention to detail, organizational skills, good judgement, and the ability to prioritize tasks, manage timelines, and meet tight deadlines
- Strong contract review and negotiation skills related to security and compliance
- Knowledge of security risks, vulnerabilities, and threat management
- Background in supporting customer audits and engagements
Nice To Haves
- Experience in fintech, healthtech, or regulated industries
- Prior experience at Series B-D companies scaling security compliance programs
- Demonstrable experience implementing tools to drive and streamline DDQ processes
Responsibilities
- Lead customer due diligence questionnaire (DDQ) and RFP response process and third-party risk management process; track and manage high volume of DDQ and RFP requests. Coordinate and collaborate with internal teams to meet tight deadlines. Handle a high volume of requests and interactions in a fast-paced environment
- Support enterprise sales with technical customer security discussions
- Lead SOC 2 Type II audit preparation, evidence collection, and remediation
- Conduct third party vendor security assessments, collaborate on third party risk management processes
- Implement and manage third party tool and new processes to create efficiencies
- Develop the security narrative and conduct security reviews for new product functionality to enable GTM
- Review and negotiate security and compliance language in customer contracts in collaboration with Legal team
- Build and manage Trust Center integrations and public-facing security documentation in collaboration with Legal team
- Build customer-facing compliance artifacts (security whitepapers, certifications)
Benefits
- Flexible paid time off policy and 10 company-wide paid holidays
- Parental leave, 4 weeks for all full-time employees and up to 12 weeks for birthing parents
- Medical, dental, and vision benefits coverage for employees and their families
- 401K eligibility after one month of employment
- Free estate planning documents
- Budget for learning & development and home office setup
- Paid parking or transit for hybrid and in office employees
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
101-250 employees
