We're looking for a Senior Governance, Risk, and Compliance (GRC) Specialist to join our global GRC team. In this critical role, you will help secure the platform that powers the software supply chain for thousands of the world's top organizations.
Reporting to the GRC Manager, you will work alongside a talented team to enhance our security posture, establish GRC best practices, and embed security governance into our fast-paced, DevOps-driven culture. You will be a key advisor, helping to translate complex risks and compliance requirements into actionable controls that support missin.
As a Senior GRC specialist you will...
Drive Security Framework Adoption (New Markets): Lead the strategic adoption of net-new security frameworks to unlock business markets.
Oversee the Security Certification Program: Oversee the end-to-end execution of our security assurance portfolio (ISO 27001, SOC 2).
Lead Security Audits: Serve as a primary GRC contact for internal and external audits. You'll coordinate evidence gathering, craft management responses, and drive the remediation of findings.
Lead Governance Initiatives: Develop, maintain, and enhance the enterprise-wide security GRC framework, policies, standards, and procedures, ensuring they align with our cloud-native and SaaS environment.
Risk Management & TPRM: Evolve our Third-Party (TPRM) and Internal Security Risk programs, including executing and documenting comprehensive risk assessments, ensuring that findings are remediated and clearly aligned with risk appetite.
Collaborate Cross-Functionally: Partner with engineering, product, IT, and legal teams to embed security controls into daily business operations, ideally automated.
Mentor & Advise: Act as a subject matter expert on governance and risk for the wider organization and provide mentorship to junior GRC team members.
Requirements: 5+ years of direct experience in Information Security GRC, Risk Management, or Audit, preferably acquired within a high-growth SaaS or cloud-native environment.
A proactive, self-starting mentality with strong analytical, project management, and problem-solving skills, with proven ability to validate your own work and drive tasks to completion independently.
Demonstrable expertise in managing core compliance programs (SOC 2, ISO 27001)
Experience pursuing net-new compliance certifications and initiatives (e.g., R, C5, TISAX, IRAP).
Experience developing, drafting, and implementing security policies and standards from the ground up in a tech-focused environment, harmonizing controls across frameworks to create agile standards.
Experience leading complex security audits, serving as a primary liaison and "in-the-room" lead during internal and external audits.
Strong understanding of information security principles, risk management, and control frameworks in a cloud-first environment (AWS, GCP, Azure).
Exceptional communication and interpersonal skills, with a proven ability to build relationships and influence change across engineering, product, and business teams, and the ability to write concise, "Executive Ready" policies and risk reports.
Hands-on experience with GRC platforms and a drive to automate manual GRC workflows.
Bachelors degree in Cybersecurity, Information Technology, Law, or a related field, or equivalent practical experience.
This position is open to all candidates.