CrawlJobs Logo

GRC Lead

United States, Foster City 208000.00 - 300000.00 USD / Year · Job Posted February 18, 2026
Apply Position
Job Link Share

Job Description

We are looking for a GRC Lead to serve as the Technical Lead for our compliance and risk management ecosystem. You will architect the systems and processes that automate trust, guiding a team of GRC specialists while partnering deeply across the organization.

Job Responsibility

  • Team Leadership: Act as the technical anchor for the GRC team
  • Program Architecture: Own the technical vision for Replit’s GRC program
  • Thought Leadership: Champion a culture of security and privacy across the company
  • Engineering & Architecture: Partner with Architects and Engineering Leads to 'bake in' compliance requirements
  • Legal & Privacy: Work closely with Legal Counsel to interpret and implement requirements for Privacy and AI regulations
  • Sales & GTM: Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires
  • Auditor Relationships: Own and cultivate the primary relationship with external auditors
  • Risk Register Owner: Own the Cybersecurity Risk Register
  • Framework Evolution: Manage and evolve our compliance posture across SOC 2, ISO 27001, and prepare for future certifications
  • Pragmatic Governance: Apply judgment to operate in 'gray areas' when appropriate
  • Control Automation: Drive the shift from manual evidence collection to continuous monitoring
  • Third-Party Risk: Architect a scalable framework for assessing third-party vendors and AI model providers

Requirements

  • 8+ years of experience in GRC or Information Security
  • Leadership Experience: Proven experience mentoring other GRC professionals or leading complex cross-functional projects
  • Technical Fluency: Ability to speak the language of engineering, cloud (GCP/AWS), and security architecture
  • Regulatory Breadth: Deep experience with SOC 2, ISO 27001, PCI, HIPPA, and Privacy laws
  • Collaborative Communication: Strong ability to explain risk and tradeoffs to technical (Engineers), legal, and commercial (Sales/Execs) stakeholders
  • Automation Mindset: Experience with GRC automation tools (e.g., Vanta, Drata) and a bias toward reducing manual toil

Nice to have

Familiarity with FedRAMP, ITAR, or AI regulation is a strong plus

What we offer

  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Quarterly Team Gatherings
  • In Office Amenities

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

GRC Lead

8 matching positions

Global GRC Lead

Monte Carlo is seeking our first Global GRC Manager to lead our compliance effor...
Location
Location
Salary
Salary:
160000.00 - 210000.00 USD / Year
montecarlodata.com Logo
Monte Carlo Data
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Deep GRC Expertise: extensive knowledge of common frameworks (SOC 2, ISO 27001, NIST, GDPR, etc.) and experience managing end-to-end audit processes
  • Strong Communication Skills: translate security jargon into business language and effectively manage customer and vendor communications
  • Risk Management Mindset: balance business objectives with security requirements, prioritizing risk mitigation in a way that aligns with company goals
  • Team Player: thrive in cross-functional environments, effectively collaborating with engineering, legal, product, and other teams
  • Adaptability: flourish in a fast-paced environment, pivoting quickly when new threats, requirements, or business needs emerge
  • 5+ years of experience in a GRC or compliance-focused role, ideally in a SaaS or technology company
  • Proven track record of managing third-party risk assessments, vendor security reviews, and compliance audits
  • Expertise in compliance frameworks such as SOC 1/2, ISO 27001| 27017 | 27018 | 27701 | 42001, and GDPR
  • Relevant certifications (e.g., CISA, CISSP, CRISC, or CISM) are highly desirable
  • Excellent written and verbal communication skills with a strong attention to detail
Job Responsibility
Job Responsibility
  • Manage and respond to customer security reviews, questionnaires, and audits
  • Serve as the primary liaison for security-related inquiries from prospects, customers, and partners
  • Oversee ongoing compliance initiatives (SOC 2, ISO 27001, 27017, 27018, GDPR etc.) and maintain the risk register
  • Collaborate with cross-functional teams (Engineering, Sales, Product, HR) on risk management strategies
  • Evaluate third-party vendors, manage due diligence processes, and coordinate remediation actions
  • Develop, refine, and maintain security and compliance policies, procedures, and standards
  • Support and promote security awareness initiatives, including employee training and phishing simulations
  • Lead and coordinate internal and external audits, ensuring continuous improvement in controls
What we offer
What we offer
  • Stock Options
  • Healthcare plans
  • 401k Retirement Plan
  • Wellness Stipend
  • Home Office Stipend
  • Cell Phone or WIFI reimbursement
  • Paid Parental Leave
  • Flexible Time Off
  • Generous Travel Policy
  • Offers Equity
  • Fulltime
Read More
Arrow Right

Lead GRC Program Manager

Location
Location
United States , Austin
Salary
Salary:
Not provided
bumble.com Logo
Bumble Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Have you personally built a GRC or compliance program from the ground up in a product or technology company rather than supporting or inheriting an existing program?
  • Have you replaced a recurring manual compliance or audit control with an automated, system-driven control?
  • Have you owned external audits end to end, including control design, evidence strategy, auditor interaction, and remediation decisions?
  • Have you worked through a customer payment or sensitive data flow to determine PCI scope, storage locations, and compliance boundaries?
  • Are you comfortable owning compliance and risk decisions in a fast-moving product environment without relying on a fully implemented GRC platform or large compliance team?
  • Do you live in/within commutable distance to Austin
Read More
Arrow Right

Cyber GRC Project Lead

Help us deliver like never before  We’re looking for a Cyber Risk Advisor – Majo...
Location
Location
Australia , Richmond
Salary
Salary:
Not provided
auspost.com.au Logo
Australia Post
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in cyber security, risk, or GRC within complex or program-based environments
  • Strong stakeholder engagement skills, with the ability to influence and act as a trusted advisor
  • Experience conducting or coordinating risk assessments, with an understanding of cyber frameworks and governance practices
Job Responsibility
Job Responsibility
  • Partner closely with program teams and cyber stakeholders to embed strong governance, risk and compliance practices across key transformation initiatives
  • Act as the central point of triage for cyber risk, providing insights, driving improvements, and building trusted relationships across the business
  • Lead and coordinate cyber risk assessments across major programs, acting as the central triage point for incoming work
  • Engage and influence key stakeholders to uplift cyber awareness and embed GRC practices into delivery
  • Provide timely reporting and insights on program risk posture, trends and key findings
  • Continuously improve processes through feedback and iteration to enhance how cyber GRC supports delivery
What we offer
What we offer
  • Work across high-impact, enterprise-wide transformation programs driving meaningful cyber outcomes
  • A genuinely collaborative environment where you're empowered to shape processes and ways of working
  • Opportunities to grow your capability and build trusted advisor relationships across Digital Technology and the broader business
  • Fulltime
Read More
Arrow Right

Lead Cybersecurity GRC Engineer

Lead Cybersecurity GRC Engineer role focusing on risk remediation and governance...
Location
Location
United States , New York
Salary
Salary:
225000.00 USD / Year
realign-llc.com Logo
Realign
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • CISSP certification strongly preferred (or equivalent demonstrated experience)
  • Additional certifications such as CISA, CISM are a plus
  • Experience with GRC platforms such as: ServiceNow IRM / GRC, Archer, 6clicks, Other comparable GRC tools
  • Prior exposure to regulated financial services environments (Banking / Insurance)
  • Minimum 8 years of experience in Cybersecurity and GRC, spanning multiple security domains (CISSP domains may be used as a reference framework)
  • Strong hands-on experience in risk remediation, particularly across security design, testing, compliance, BCP/DR, and third-party risk
  • Proven ability to translate policy and regulatory requirements into actionable remediation steps
  • Demonstrated experience in control testing (ToD and ToE)
  • Excellent verbal and written communication skills, with experience engaging senior leaders within banking or insurance organizations
  • Strong analytical and documentation skills with a track record of producing professional, client-ready deliverables
Job Responsibility
Job Responsibility
  • Lead and oversee cybersecurity risk remediation and governance initiatives aligned with enterprise risk and compliance requirements
  • Interpret security policies, standards, and regulatory requirements, and apply them effectively to enterprise assets and environments
  • Identify control gaps, non-compliance issues, and deviations, and drive remediation efforts to closure
  • Perform and guide security control testing, including: Test of Design (ToD), Test of Effectiveness (ToE)
  • Provide remediation guidance across key cybersecurity domains, including but not limited to: Secure architecture and security design, Security testing and validation, Secure coding and code compliance, Business Continuity Planning (BCP) and Disaster Recovery (DR), Third-Party Risk Management (TPRM)
  • Partner with technical, risk, and business stakeholders to gather and validate evidence supporting remediation and compliance activities
  • Prepare and maintain high-quality documentation such as: Policies, procedures, and SOPs, Remediation plans and guidance documents, Risk and compliance reports
  • Present findings, recommendations, and remediation strategies to senior stakeholders and decision-makers
  • Influence outcomes through clear, tactful, and data-driven communication
  • Support compliance and audit activities
  • Fulltime
Read More
Arrow Right

Director, Security GRC Program Lead

Meta is seeking a highly skilled Security GRC Program Manager to join our Risk O...
Location
Location
United States , Bellevue
Salary
Salary:
227000.00 - 287000.00 USD / Year
meta.com Logo
Meta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
  • Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
  • Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
  • Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
  • Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
  • In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
  • Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
  • Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains
Job Responsibility
Job Responsibility
  • Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory
  • Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals
  • Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning
  • Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization
  • Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication
  • Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments
  • Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact
  • Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others
  • Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework
What we offer
What we offer
  • bonus
  • equity
  • benefits
Read More
Arrow Right

Global Privacy GRC Senior Specialist

We are seeking a privacy and digital trust professional to ensure the effective ...
Location
Location
Romania , Bucuresti
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Results-oriented, proactive, pragmatic, and ethical, with a strong interest in privacy, programme management, and the societal impact of technology
  • Experienced in solving complex problems within large, technology-driven and regulated organisations, creating practical and repeatable solutions
  • An effective communicator with strong presentation and stakeholder engagement skills
  • Comfortable working in a matrix environment, with the ability to navigate ambiguity and competing priorities
  • Resilient and persistent, with the confidence to challenge constructively and deliver difficult messages when required
  • Highly knowledgeable in privacy and data protection laws and regulations
  • Experienced in programme management within complex, multinational organisations
  • Skilled in compliance and risk management frameworks and methodologies
  • Experienced within the technology or telecommunications sector in a global, matrix organisation
Job Responsibility
Job Responsibility
  • Prepare high-quality materials for key oversight forums, including the Group Risk and Compliance Committee, Group Policy and Compliance Committee, and Group Audit & Risk Committee
  • Oversee the annual second line assurance process for VGSL and other relevant Group entities, including contribution to the annual CEO attestation
  • Monitor and track risk mitigating actions across the business, working with risk owners to ensure privacy controls are understood and operate effectively
  • Produce regular KPI reporting with insightful analysis, including data breach trends and the impact of regulatory developments on the privacy programme
  • Plan, manage, and monitor initiatives that drive the privacy agenda, including the development and delivery of the Privacy & Digital Trust Annual Plan
  • Measure and report functional operational performance to leadership, tracking actions identified to improve outcomes
  • Track and report on internal audit actions owned by the Global Privacy Officer and the Global Privacy & Digital Trust team against agreed timelines
  • Drive operational governance with domain leads and provide clear, consistent reporting to stakeholders
  • Continuously review, simplify, standardise, centralise, and automate privacy and digital trust policies, processes, and tools, in collaboration with the wider Compliance function
  • Monitor external regulatory and industry trends, translating these into impact assessments and change proposals for relevant stakeholders
What we offer
What we offer
  • Hybrid way of working: 2 days from office per week (8 per month)
  • Medical and dental services
  • Life and hospitalization insurance
  • Dedicated employee phone subscription
  • Take control of your benefits and choose any of the following options: meal tickets / private pension / vacation vouchers / cultural vouchers - within the budget
  • Special discounts for gyms and retailers
  • Annual Company Bonus
  • Ongoing Education
  • You get to work with tried and trusted web-technology
  • 23 days off
  • Fulltime
Read More
Arrow Right

Solutions Engineer

This is a pre-sales and solutions role sitting at the intersection of compliance...
Location
Location
United Kingdom , London
Salary
Salary:
100000.00 - 120000.00 GBP / Year
jobs.360resourcing.co.uk Logo
360 Resourcing Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Prior experience working within or alongside a risk or compliance function in financial services, whether as a compliance analyst, associate, or officer, or in a consulting or advisory role serving compliance teams
  • Solid working knowledge of core compliance disciplines including regulatory change management, conflicts of interest, policy and procedure governance, and employee monitoring
  • Familiarity with the regulatory environment relevant to asset managers, wealth managers, broker-dealers, or similar regulated firms
  • Genuine curiosity about how regulation is evolving and how technology can help compliance teams keep pace
  • Confident and credible in front of senior compliance and risk stakeholders, able to lead a conversation rather than present slides
  • Able to read a room, adapt a demonstration in real time, and handle questions without losing the thread of the narrative
  • Clear written communication
  • produces documentation that is precise, well-organised, and appropriate for a client audience
  • Comfortable learning and administering SaaS platforms
  • picks up new systems quickly and applies that knowledge practically
Job Responsibility
Job Responsibility
  • Lead product demonstrations across the full Ruleguard platform, tailoring the narrative to the prospect's regulatory profile, firm type, and priority compliance obligations
  • Prepare thoroughly for each demo, researching the prospect's context and structuring the session around their specific pain points rather than a generic feature walkthrough
  • Handle functional and technical questions during demonstrations with confidence, distinguishing clearly between current platform capability and the product roadmap
  • Work with sales colleagues to plan and sequence the pre-sales process, advising on when and how to deploy demonstrations, proof-of-concept exercises, and follow-up sessions
  • Coach and support sales colleagues through demonstrations where a subject matter lead is not present, providing briefing materials, talk tracks, and objection-handling guidance
  • Configure AI agents using goals, intent, constraints, guardrails and context to demonstrate real efficiencies that this technology can bring to our clients
  • Translate prospect requirements into clear, well-structured solution design and scoping documents for internal use and client presentation
  • Map client workflows to platform capabilities, identifying where configuration can meet requirements directly, where bespoke approaches are needed, and where gaps exist
  • Contribute to proposal and RFP responses, providing the functional and technical content that underpins the commercial offer
  • Collaborate closely with Product and Engineering teams to surface recurring customer requirements, implementation patterns, and opportunities for product enhancement
  • Fulltime
Read More
Arrow Right
New

Sap Basis Administrator

We are expanding the SAP team of our global client and looking for a Senior SAP ...
Location
Location
Hungary , Budapest
Salary
Salary:
Not provided
https://www.randstad.com Logo
Randstad
Expiration Date
September 30, 2026
Flip Icon
Requirements
Requirements
  • 5 years of SAP Basis experience
  • Proven ability to support basis and Security on latest versions of SAP applications and SAP cloud platforms
  • Demonstrated experience in SAP new installations, performing application upgrades and problem solving techniques
  • Strong Basis skills on SAP applications versions of SAP ECC, S/4 Hana
  • Experience in deploying SAP applications on AWS (Amazon Web Services) and SAP Cloud Platform
  • Must have strong SAP Basis skills on Operating Systems Windows, Linux, Database with Hana, MS SQL and Oracle database
  • Working knowledge on SAP Solution Manager, CHaRM and SAP dialog and batch job processes
  • Must be able to perform independently all standard SAP Basis Administrator duties including installations, upgrades, migrations, patches, system copies, application refreshes, user administration, printer setup, batch job scheduling and other ongoing duties
  • Undedrstanding of SAP security roles, profiles, nice to have Knowledge in GRC functionality and capabilities
  • Ability to work individually (self-motivated) and within a team environment
Job Responsibility
Job Responsibility
  • Execute SAP Basis administration tasks in line with project requirements, timelines, and expectations
  • Partner with business process owners and SAP functional teams to configure ECC 6.0 and/or S/4HANA systems according to project needs
  • Collaborate closely with the Basis team, as well as network, SAP functional, ABAP, and security teams, to ensure end-to-end project delivery
  • Provide regular reporting and review of activities in alignment with project scope and IT technical lead expectations
  • Ensure timely delivery of Basis configurations and system installations within the project scope
  • Deliver and support resolution of project-related incidents and defects
  • Work with external and cross-functional team members to implement solutions in line with business requirements and functional specifications
  • Perform application monitoring, troubleshooting, and tuning to ensure high availability, and performance standards are met
  • Collaborate with the Architecture team to design and implement solutions that meet evolving business needs
What we offer
What we offer
  • Hybrid flexibility: At least 1 office day/week
  • Competitive compensation: We value your expertise and reward it accordingly
  • International & global exposure: Work in a multicultural environment on impactful, global projects
  • Senior-level expertise: Collaborate with and learn from a highly skilled senior team
  • Commitment to quality: Engage in high-standard, meaningful professional work
  • Fulltime
Read More
Arrow Right