
Governance, Risk & Compliance (GRC) Manager

📍 India

Business Confidential

Job Description

We are looking for an experienced and hands-on GRC Manager to lead our talented team of analysts and own the execution of our complex global compliance portfolio. This is a critical leadership role for a "player-coach" who thrives on managing multiple high-stakes projects, mentoring skilled professionals, and driving process maturity.

You'll be responsible for ensuring our organization successfully navigates a diverse set of audits and certifications, including SOC 2 (Type I and II), HIPAA, PCI DSS 4.0.1, GDPR, CPRA, India's DPDP Act, and a full suite of ISO standards (27001, 27017, 27018, 27701, 42001). If you are passionate about building efficient GRC programs and leading teams to success, this is the role for you.

What You Will Do (Key Responsibilities)

- Directly manage, mentor, and develop a team of senior analysts, fostering their expertise in domains like IT controls, TPRM, and security privacy. You'll act as their primary point of escalation and support.
- Oversee the enterprise-wide risk management program, including the maintenance of the risk register and facilitation of risk assessments. Ensure that risks arising from complex regulations, including GDPR and CCPA/CPRA, are properly identified, assessed, and mitigated in partnership with the Legal Privacy and Security Privacy teams.
- Act as the primary problem-solver for the GRC function. You're expected to identify potential roadblocks, compliance gaps, or process inefficiencies, diagnose the root cause, develop pragmatic solutions, and drive them to resolution with autonomy.
- Own the GRC audit calendar and project plans. You'll be responsible for managing the end-to-end lifecycle for all audits and certifications.
- Manage the GRC budget, including all costs associated with external auditor charges and GRC tooling. You'll also oversee the relationship with key partners like external audit firms.
- Partner with the CISO to translate the high-level GRC strategy into actionable quarterly goals and deliverables for the team.
- Serve as the primary GRC liaison to other departments, ensuring smooth collaboration with Legal Privacy, Engineering, and Sales to support programs like Customer Assurance and TPRM.
- Partner with Product & Engineering teams to define requirements for second-line-of-defense tooling within a unified GRC framework.
- Develop and deliver clear, concise reports on the GRC program's status, key risks, and audit outcomes to executive leadership.
- Drive cross-org execution by collaborating with Product and Engineering functions to deliver results that maximize impact beyond simple compliance checkboxes.

Required Qualifications

- A minimum of 10 years of progressive experience in GRC, IT Audit, or a related risk management field.
- A minimum of 5 years of experience in a direct people management role, with proven success in hiring, developing, and leading high-performing teams.
- Core Framework Expertise: Deep, authoritative expertise in SOC 2 (Type I and II) and ISO 27001.
- Expert knowledge of NIST 800-53, CIS Controls, risk management methodologies, and data protection best practices.
- Significant hands-on experience managing audits for at least one of the following highly-regulated frameworks:
  - HIPAA (Health Insurance Portability and Accountability Act)
  - PCI DSS (Payment Card Industry Data Security Standard)
- Proven ability to manage a portfolio of complex, long-term projects simultaneously, including resource planning, risk management, and successful delivery.
- Deep expertise in security with the ability to holistically understand relevant products and go deep on technical details when diagnosing risks.

Preferred Qualifications

- Expert knowledge of global privacy regulations, particularly GDPR and CCPA/CPRA, and an understanding of how they translate into operational and technical risk.
- Substantial experience with a wider range of standards and regulations, including:
  - Cloud Security (ISO 27017/27018)
  - Global Privacy Regulations (GDPR, India DPDP Act, etc.)
  - Emerging Tech Governance (ISO 42001 for AI)
- Experience presenting to and communicating with executive leadership (VP and C-level).
- Active senior-level certifications are strongly preferred. Examples include CISM, CRISC, and CGEIT.
- Experience developing and managing departmental budgets.
- A track record of successfully implementing and scaling GRC automation and customer assurance platforms.
- Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies.
- Proven ability to operate hands-on across organizations and functions in a fast-paced tech environment.

Ready to Apply?

Don't miss this opportunity! Apply now and join our team.

Job Details

Posted Date: January 11, 2026
Job Type: Business
Location: India
Company: Confidential
