Source Job

$150,000–$170,000/yr
US Unlimited PTO

  • Lead the governance, risk, and compliance function across security policies, standards, risk management, audits, and third-party risk.
  • Own audit readiness and ongoing compliance programs across frameworks such as SOC 2, ISO 27001, GovRAMP, PCI DSS, HIPAA, NIST CSF, and more.
  • Manage third-party and supply chain risk management, including vendor security reviews, due diligence, and remediation tracking.

Risk Management Compliance Audit

20 jobs similar to Manager, Governance, Risk & Compliance

Jobs ranked by similarity.

$198,238–$233,221/yr
US

  • Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
  • Lead risk assessments, control testing, and enterprise risk management processes.
  • Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.

Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.

Canada Europe Unlimited PTO

  • Support active and upcoming audits including ISO 27001, SOC 2, PCI DSS, and HIPAA by coordinating evidence and working with control owners.
  • Conduct risk assessments, update risk registers, track remediation, and perform third-party risk management reviews.
  • Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.

Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.

US 5w PTO

  • Take ownership of building and scaling comprehensive security, privacy, and compliance programs that protect customer data.
  • Lead compliance initiatives such as SOC 2 Type 2 audits and evaluate additional frameworks like ISO 27001 and HIPAA.
  • Build scalable automated security processes by replacing manual tasks with scripts, APIs, and AI-powered solutions.

Our partner is a technology company focused on building secure, scalable systems. They operate with a remote, collaborative culture emphasizing ownership, transparency, and continuous improvement, with around 50–300 employees.

$147,800–$164,000/yr
Global 18w maternity 16w paternity

  • Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
  • Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
  • Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

$110,100–$143,100/yr
North America

  • Defines program goals, governance frameworks, and measurable objectives for cyber risk and compliance programs.
  • Manages user attestations, third-party risk, cyber contract negotiation, and coordination of IT audits/assessments.
  • Implements GRC tooling and monitors program effectiveness through KPIs, QA reviews, and control testing.

Velera is a credit union service organization providing fintech solutions to over 4,000 financial institutions. The company fosters a remote-first, inclusive culture with a focus on employee wellbeing and belonging.

US

  • Develop and maintain the enterprise IT GRC strategy, framework, and roadmap, presenting updates to executive leadership.
  • Lead enterprise IT risk assessments, maintain risk registers, and oversee remediation efforts.
  • Ensure compliance with regulations like NIST, ISO 27001, SOC, PCI-DSS, HIPAA, GDPR, and SOX.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, the company supports data centers, healthcare, and industrial facilities where uptime is non-negotiable.

India

  • Manage internal audits and support external compliance assessments across business functions.
  • Perform gap analyses and track remediation actions for compliance frameworks.
  • Maintain and improve compliance documentation, policies, and risk registers.

Our partner is a growing SaaS organization serving global industries. It fosters a collaborative and inclusive culture with a focus on employee development and well-being.

$120,000–$140,000/yr
US

  • Conduct IT and cybersecurity risk assessments across systems, applications, and business processes.
  • Lead audit readiness activities for frameworks like SOC 2, HIPAA, and NYDFS.
  • Manage security policies, third-party vendor assessments, and develop risk dashboards.

Jobgether uses an AI-powered matching process to connect candidates with hiring companies. They focus on efficient, objective application review and are a remote-first organization.

$132,000–$165,000/yr
US Unlimited PTO

  • Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
  • Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
  • Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.

Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.

Global

  • Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems.
  • Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings.
  • Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows.

Onebrief builds collaboration and AI-powered workflow software for military planning and operational coordination. Founded in 2019, valued at over $2 billion, they are a distributed team of builders from military, operational, and technology backgrounds.

India

  • Manage and conduct internal and external compliance audits for frameworks like ISO, SOC, and NIST.
  • Work with global teams to implement and update compliance controls, policies, and training.
  • Stay updated on regulatory changes and perform gap analysis to maintain certifications.

QAD is building a world-class SaaS company that solves real-world problems in manufacturing and supply chain. They are a growing, virtual-first company with a collaborative culture that values idea-sharing and growth.

Global

  • Manage the Compliance and Security workstream within a telecom transformation program, coordinating SOC 2, ISO/IEC 27001, and GDPR readiness activities.
  • Build and maintain the workstream plan with milestones, deliverables, and RAID logs, while driving evidence collection and control-owner alignment.
  • Facilitate workshops, track remediation across multiple domains, and ensure alignment with adjacent program streams and governance forums.

Miratech helps visionaries change the world as a global IT services and consulting company supporting digital transformation for large enterprises. With nearly 1000 professionals operating across 25+ countries and a 99% project success rate, their culture emphasizes relentless performance and growth.

$112,700–$180,300/yr
US

  • Lead end-to-end third-party audits, evidence collection, and compliance onboarding for new products and features.
  • Partner with cross-functional teams to design and validate internal controls across SOX, SOC, HIPAA, and PCI frameworks.
  • Drive continuous improvement by standardizing processes, reducing manual effort, and collaborating on automated compliance monitoring.

Jobgether uses AI-powered matching to streamline job applications. They are a company focused on connecting candidates with hiring employers through automated shortlisting, with a transparent and flexible work culture.

$130,000–$145,000/yr
US Unlimited PTO 20w maternity 12w paternity

  • Support and scale the Assurance & Compliance function through an engineering-driven, automation-first approach.
  • Partner with Engineering, Security, Legal, and other teams to support compliance programs and audit readiness.
  • Help transform compliance into a continuous, measurable capability embedded into operations.

Flock builds technology that reduces crime and protects privacy, partnering with cities, businesses, schools, and neighborhoods. With over $1B in funding and an $8.3B valuation, the company is a high-performance team united by urgency, ownership, and a shared commitment to meaningful impact.

GRC Manager

Runway
US

  • Design and implement a comprehensive GRC framework addressing both traditional security controls and novel AI safety considerations.
  • Lead engagements with external auditors to obtain critical security certifications like SOC 2, ISO 27001/27701/42001, and FedRAMP.
  • Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems.

Runway builds AI to simulate the world through merging art and science, focusing on world models for progress in artificial intelligence. Our team consists of creative, open-minded, caring, and ambitious people determined to change the world, striving to continuously build impossible things.

$190,000–$210,000/yr
Global

  • Own Filevine's FedRAMP 20x strategy and execution, including evidence automation, continuous monitoring, and certification readiness.
  • Drive the security compliance and trust program across FedRAMP, SOC 2, ISO, HIPAA, and PCI-DSS, converting obligations into engineering work.
  • Lead cross-functional alignment and executive reporting to ensure compliance, privacy, and security priorities are shipped on time.

Filevine is a Legal AI company delivering Legal Operating Intelligence for the future of legal work. Fueled by a team of exceptional collaborators and innovators, Filevine’s rapid growth has earned AI awards and recognition from Deloitte and Inc. as one of the most innovative and fastest-growing technology companies in the country.

US

  • Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
  • Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
  • Conduct security risk assessments, evaluate controls, and track remediation plans.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.

US 24w maternity 24w paternity

  • Own the end-to-end GRC strategy and roadmap, driving compliance maturity and reducing audit risk.
  • Design and implement policy-as-code systems, translating compliance frameworks into enforceable code.
  • Lead full audit cycles, manage evidence collection, and architect GRC platform strategy for continuous compliance.

Smartsheet empowers teams to manage work and scale solutions, now uniting human teams with AI agents to automate tasks and uncover insights. With a history of over 20 years, the company fosters a culture of inclusion, creativity, and big thinking, offering professional growth and a supportive environment.

United States Unlimited PTO

  • Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
  • Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
  • Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.

Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.

US Unlimited PTO 16w maternity 16w paternity

  • Drive the continuous maturation of the TPRM program, transforming it into a proactive security partnership.
  • Architect and govern the security strategy for the BPO and contingent worker ecosystem.
  • Design and build process automations to optimize and scale the TPRM program for fast-moving priorities.

DoorDash is a technology and logistics company that empowers local economies by enabling door-to-door delivery of goods. They are building a team of great minds to secure a 24x7 global infrastructure and are committed to diversity and inclusion.