Source Job

Global 5w PTO

  • Own and automate our GRC program, including SOC 2 audits, risk assessments, and vendor security reviews.
  • Drive internal security across identity, device management, access reviews, and incident response.
  • Build customer-facing trust resources and coordinate product security audits with engineering.

GRC SOC 2 Incident Response Automation

13 jobs similar to GRC and Security Program Manager

Jobs ranked by similarity.

US 5w PTO

  • Take ownership of building and scaling comprehensive security, privacy, and compliance programs that protect customer data.
  • Lead compliance initiatives such as SOC 2 Type 2 audits and evaluate additional frameworks like ISO 27001 and HIPAA.
  • Build scalable automated security processes by replacing manual tasks with scripts, APIs, and AI-powered solutions.

Our partner is a technology company focused on building secure, scalable systems. They operate with a remote, collaborative culture emphasizing ownership, transparency, and continuous improvement, with around 50–300 employees.

US 4w PTO

  • Own and continuously mature the company risk register, designing AI-assisted workflows for real-time risk posture.
  • Lead external audit management (SOC 2 Type II) and automate evidence collection pipelines in Vanta.
  • Engineer the Trust and Assurance program for scale, including automated vendor risk intake and AI-assisted response generation.

ButterflyMX empowers people to open and manage doors & gates from a smartphone, with products installed in over 20,000 properties worldwide. As a distributed, primarily remote workforce, they seek intelligent, passionate, and collaborative individuals driven by shared commitment to excellence and innovation.

$136,000–$169,000/yr
US

  • Manage security compliance programs against frameworks like PCI-DSS, NIST, and SOC 1/2, leveraging automation tools for continuous assessment.
  • Oversee identity and access management, including automated provisioning audits and anomaly detection.
  • Collaborate with engineering, DevOps, and product teams to integrate compliance into CI/CD and cloud infrastructure.

Prosper is a FinTech company focused on improving financial well-being. It is a growing company with a collaborative culture and offers resources for professional growth and holistic well-being.

$110,100–$143,100/yr
North America

  • Defines program goals, governance frameworks, and measurable objectives for cyber risk and compliance programs.
  • Manages user attestations, third-party risk, cyber contract negotiation, and coordination of IT audits/assessments.
  • Implements GRC tooling and monitors program effectiveness through KPIs, QA reviews, and control testing.

Velera is a credit union service organization providing fintech solutions to over 4,000 financial institutions. The company fosters a remote-first, inclusive culture with a focus on employee wellbeing and belonging.

$132,000–$165,000/yr
US Unlimited PTO

  • Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
  • Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
  • Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.

Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.

$130,000–$145,000/yr
US Unlimited PTO 20w maternity 12w paternity

  • Support and scale the Assurance & Compliance function through an engineering-driven, automation-first approach.
  • Partner with Engineering, Security, Legal, and other teams to support compliance programs and audit readiness.
  • Help transform compliance into a continuous, measurable capability embedded into operations.

Flock builds technology that reduces crime and protects privacy, partnering with cities, businesses, schools, and neighborhoods. With over $1B in funding and an $8.3B valuation, the company is a high-performance team united by urgency, ownership, and a shared commitment to meaningful impact.

US 24w maternity 24w paternity

  • Own the end-to-end GRC strategy and roadmap, driving compliance maturity and reducing audit risk.
  • Design and implement policy-as-code systems, translating compliance frameworks into enforceable code.
  • Lead full audit cycles, manage evidence collection, and architect GRC platform strategy for continuous compliance.

Smartsheet empowers teams to manage work and scale solutions, now uniting human teams with AI agents to automate tasks and uncover insights. With a history of over 20 years, the company fosters a culture of inclusion, creativity, and big thinking, offering professional growth and a supportive environment.

Global

  • Own the strategic direction and roadmap for Confluent's internal access management program, with machine and workload identity as the durable center of gravity.
  • Lead the program to enforce service-to-service authentication and formalize non-human identity from pilot into a funded, governed program.
  • Drive access governance standards, metrics, and executive reporting cadence to maintain a coherent access posture.

Confluent is a data streaming platform that puts information in motion in near real-time, enabling companies to react faster and build smarter. It is an IBM subsidiary with a culture of collaboration, diversity, and curiosity, where no egos or solo acts exist.

GRC Manager

Runway
US

  • Design and implement a comprehensive GRC framework addressing both traditional security controls and novel AI safety considerations.
  • Lead engagements with external auditors to obtain critical security certifications like SOC 2, ISO 27001/27701/42001, and FedRAMP.
  • Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems.

Runway builds AI to simulate the world through merging art and science, focusing on world models for progress in artificial intelligence. Our team consists of creative, open-minded, caring, and ambitious people determined to change the world, striving to continuously build impossible things.

India Unlimited PTO

  • Own delivery for standard-framework GRC engagements including ISO 27001, SOC 2, GDPR, and PCI DSS.
  • Build and maintain reusable IP such as templates, control-mapping libraries, and AI-assisted playbooks.
  • Own commercial outcomes including pricing, utilization, margin, and delivery forecasting for your own engagement book.

Sprinto is an Autonomous Trust Platform that centralizes trust requirements across security frameworks, vendors, and customers. Backed by top-tier investors such as Accel, Elevation, and Blume Ventures, they have raised $31.8M in funding and are trusted by over 3,000 organizations across 75 countries, with a remote culture organized around problems rather than job titles.

$165,000–$210,000/yr
US Unlimited PTO

  • Lead control program maturity by designing an auditable framework fitting ezCater's SaaS, cloud, data, and engineering environment.
  • Build continuous control monitoring and automation by partnering with engineering teams to implement automated testing and evidence collection.
  • Expand data security policy and program quality by defining clear, enforceable policies tied to technical practices and operating cadences.

ezCater is the #1 food tech platform for workplaces in the US, making it easy for organizations to manage food needs and order from over 125,000 restaurants nationwide. The company values work/life harmony and offers a collaborative, innovative environment with passionate colleagues.

$51,840–$64,800/yr
Europe

  • Support the ISO 27001 program by maintaining audit readiness, running evidence collection, and managing access reviews.
  • Perform recurring security operations including vulnerability scanning, risk assessments, and vendor reviews.
  • Collaborate cross-functionally to harden identity and access management, respond to security questionnaires, and support AI governance initiatives.

Didomi is a consent management platform that helps companies manage user consent and data privacy. The company is a growing SaaS organization with a collaborative culture, emphasizing automation and efficiency.

United States Unlimited PTO

  • Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
  • Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
  • Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.

Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.