Associate Manager, Security Compliance (GRC)

The Associate Manager of Security Compliance (GRC) is responsible for developing, implementing, and maintaining comprehensive GRC frameworks that align with industry standards and organizational objectives. Key responsibilities include contributing to strategy, roadmap, and lifecycle management of GRC tooling, partnering with teams to embed GRC controls early in the software development lifecycle, and identifying opportunities for automating and integrating risk and compliance activities within engineering and business workflows. This role involves setting clear performance expectations and cultivating a culture of innovation. The role also includes delivering projects such as maintaining continuous monitoring activities, reviewing control language and policy updates, implementing key controls, developing and tracking remediation of items on the risk register, and coordinating external audits for SOC2, ISO27001, ISO27701, and other frameworks. The role also includes manage vendor security evaluations.