CrawlJobs Logo

Lead Security GRC Program Manager

bumble.com Logo

Bumble Inc.

Location Icon

Location:
United States , Austin

Category Icon
Category:
IT - Administration

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

145000.00 - 180000.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

At Bumble, we’re building secure, AI-driven systems that empower connection and trust globally. Security and privacy are at the heart of that mission. We’re seeking a Lead Security GRC Program Manager to lead our PCI, SOX, ITGC, and GDPR programs, driving audit excellence, automation maturity, and cross-functional compliance alignment across Bumble’s products and infrastructure. This role is ideal for someone who thrives in fast-moving environments and knows how to transform compliance from a checkpoint into a scalable, automated enabler of trust.

Job Responsibility:

  • Own Bumble’s Core Compliance Programs: Lead end-to-end management of PCI, SOX, ITGC, and GDPR frameworks — from annual audit planning through evidence collection, remediation, and executive reporting
  • Drive Audit Efficiency & Automation: Partner with Security Engineering, Finance IT, and Product teams to automate evidence workflows, control attestations, and testing pipelines via tools such as Drata, Vanta, or ServiceNow GRC
  • Lead SOX & ITGC Program Delivery: Co-own SOX ITGC compliance with Finance IT, directly manage external audit partners, and maintain strong control hygiene across identity, change management, and infrastructure layers
  • Oversee PCI Compliance Operations: Maintain Bumble’s PCI program scope, manage annual assessments, and coordinate with payments and infrastructure teams to ensure ongoing adherence and minimal audit fatigue
  • Steward GDPR Alignment: Partner with Legal, Privacy, and Data Engineering to operationalize GDPR requirements, ensuring data protection principles and privacy-by-design controls are consistently validated
  • Report Risk & Remediation Metrics: Build dashboards and KPI reports that provide visibility into audit readiness, control performance, and remediation progress for executive stakeholders

Requirements:

  • 6+ years of experience in Security GRC, audit, or compliance within a cloud-native or technology-driven environment
  • Proven ownership of PCI, SOX, ITGC, and GDPR compliance programs — from planning through audit closure
  • Demonstrated success driving measurable improvements in audit efficiency, control maturity, or automation adoption
  • Strong working knowledge of cloud architectures, including hands-on experience operating in GCP environments
  • Experience with AWS is a plus
  • Strong grasp of common ITGC control areas, including access management, change management, and incident response
  • Experience integrating GRC tools with engineering systems (e.g., CI/CD pipelines, Jira, Slack, or identity platforms like Okta)
  • Ability to design or refine control automation workflows and collaborate with engineers on technical control implementation
  • Practical understanding of data flow mapping and system-of-record validation to support GDPR evidence and privacy controls
  • Track record of leading multi-stakeholder audits (Finance, Legal, Engineering, Privacy) and aligning diverse teams on deadlines and deliverables
  • Skilled at presenting complex audit or risk topics to executive leadership using concise, data-driven insights
  • Capable of drafting clear, audit-ready documentation and control narratives without excessive bureaucracy
  • Automation-first mindset
  • Business-aligned mindset
  • Outcome-driven mindset
  • Collaborative mindset

Nice to have:

  • Hands-on experience automating evidence collection or audit testing workflows
  • Familiarity with data protection impact assessments (DPIAs) and GDPR privacy operations
  • Experience building or maintaining risk registers, executive dashboards, or compliance OKRs/KPIs
  • Certifications such as CISA, CISM, CISSP, CRISC, or ISO Lead Auditor
  • Background in payments, fintech, or regulated SaaS environments
What we offer:
  • Maven Fertility: $10,000 lifetime benefit opportunity for reproductive journey support
  • Family & compassionate paid leave
  • 26 weeks parental leave for primary caregiver
  • 26 weeks paid leave for secondary caregiver after 1 year of employment
  • Unlimited paid time off
  • Company-wide week off
  • Focus Fridays

Additional Information:

Job Posted:
February 18, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work
Icon
Bumble Inc. - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Lead Security GRC Program Manager

Program Manager

Come join our growing team and make a difference every day! AnaVation is seeking...
Location
Location
United States , Washington, DC
Salary
Salary:
Not provided
anavationllc.com Logo
AnaVation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s or master’s degree in Project Management, Information Systems, Cybersecurity, Business Administration, or a related field preferred
  • In lieu of a degree, at least ten (10) years of progressively responsible program management experience in federal IT or cybersecurity environments is required
  • A minimum of eight (8) years of overall experience
  • At least five (5) years of experience managing cybersecurity and Governance, Risk, and Compliance (GRC)-specific programs on large federal enterprise systems
  • Project Management Professional (PMP) certification is required
  • Certified Information Systems Security Professional (CISSP) certification is required
  • Proven experience leading cross-functional technical teams in a cybersecurity or RMF-compliant environment
  • Project or task management experience and the ability to perform standard project management tasks
  • Must have excellent written and verbal communication skills and the ability to produce deliverables of high quality without oversight
  • Strong understanding of NIST SP 800-53, RMF, FISMA, federal cybersecurity policy, ATO processes, etc.
Job Responsibility
Job Responsibility
  • Provide overall program leadership and oversight across all contract activities
  • Manage day-to-day operations, team schedules, and performance metrics
  • Serve as the primary interface with stakeholders, including the COR and GTM
  • Ensure timely submission of weekly activity reports, deliverables, and quality control plans
  • Develop and execute transition plans, staffing plans, and strategic recommendations
  • Monitor financial status, operational risks, and program milestones
  • Review ISSO outputs for completeness, accuracy, and compliance with RMF and standards
  • Coordinate training, leave schedules, and ensure contract staffing remains at required levels
  • Lead quality assurance activities and maintain program documentation
  • Evaluate and support special projects to enhance program efficiency or cybersecurity posture
What we offer
What we offer
  • Generous cost sharing for medical insurance for the employee and dependents
  • 100% company paid dental insurance for employees and dependents
  • 100% company paid long-term and short term disability insurance
  • 100% company paid vision insurance for employees and dependents
  • 401k plan with generous match and 100% immediate vesting
  • Competitive Pay
  • Generous paid leave and holiday package
  • Tuition and training reimbursement
  • Life and AD&D Insurance
  • Fulltime
Read More
Arrow Right

Security Strategy and Risk Management Head of Department

The Security Strategy and Risk Management Head of Department is a senior leaders...
Location
Location
United States , Irvine
Salary
Salary:
181240.00 - 259160.00 USD / Year
haeaus.com Logo
Hyundai AutoEver America
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 15–20 years of progressive experience across Information Security, GRC/Risk Management, customer/vendor security management and/or strategic operations
  • Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Business Administration or a related discipline
  • Excellent stakeholder management, communication, and leadership skills
  • Demonstrated experience working across multi-disciplinary teams to achieve common objectives
  • Proficient in English for effective communication and coordination
Job Responsibility
Job Responsibility
  • Lead enterprise-wide risk assessment, risk issue management, and risk exception management
  • Maintain and enhance risk management frameworks aligned with industry best practices
  • Deliver insightful, data-driven risk reporting to senior leadership
  • Oversee the Information Security compliance and control assurance program
  • Lead coordination of internal and external audits, assessments, and certification processes
  • Lead the Third-Party Risk Management (TPRM) program
  • Oversee creation, governance, maintenance, and communication of Information Security policies, standards, and procedures
  • Direct the Information Security Training and Awareness program
  • Partner with the CISO to define and maintain the Information Security strategic roadmap
  • Lead budget planning, forecasting, tracking, and optimization for the full Information Security organization
  • Fulltime
Read More
Arrow Right

Cyber Manager's Control Assessment (MCA) Lead Analyst

This role will report to the Cybersecurity MCA Group Manager, responsible for pr...
Location
Location
Hungary , Budapest
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Have at least 8+ years of relevant experience
  • Experience in Manager’s Control Assessment (MCA), Operational Risk, Information Security, Cybersecurity, Risk Management, and/or Governance, Risk and Control (GRC)
  • Risk Management, Cybersecurity, and/or Project Management certifications are a plus (e.g. CRISC, CISA, CISM, CISSP, PMP)
  • Proven experience in implementing sustainable solutions and improving processes
  • Bring creative approaches to help us drive value for clients
  • Ability to influence decisions with senior leadership and business partners when confronted with differing opinions on information security risks
  • Proficiency with Microsoft Office, advanced Excel skills (e.g. macros, pivots, complex formulas)
  • Knowledge of data visualization/analytics business applications such as Tableau, QlikView, and Microsoft Power BI
  • Familiarity with Machine Learning and Artificial Intelligence (AI) is a plus
  • Fluent in English (ability to read, write, and speak)
Job Responsibility
Job Responsibility
  • Manage the planning, coordination, and execution of MCA Transformation program for CISO
  • Drive MCA best practices, transformation, and execution consistency across business/functions
  • Lead efforts in Global Process MCA Profiles (GPMPs) and Continuous Risk Management (CRM) for CISO
  • Gain expert-level knowledge of MCA Standard, Procedure, and tools to support future-state MCA
  • Support CISO Business Processes, Control Owners, and Global Assessment Unit (GAU) Owners in their responsibilities related to MCA execution
  • Identify and document key controls necessary for mitigation of cybersecurity risk
  • Be a hands-on Subject Matter Expert (SME) with the ability to drive problem solving and root cause analyses, simplify complex messages and summarize key points
  • Partner with CISO’s Enterprise Architecture Methodology (EAM) Lead team by which taxonomies and processes interlink with each other, establishing a multifaceted matrix to inform decision-making and simplification
  • Foster constructive dialogue and facilitate open discussion, sharing of knowledge and experience with customers and stakeholders
  • Actively manage relationships with CISO business partners and risk management teams to achieve sustained success
What we offer
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime
Read More
Arrow Right

Information Security Officer

Elevate Our Security Posture: Join Us as an Information Security Officer. Are yo...
Location
Location
Poland , Łódź
Salary
Salary:
Not provided
arrive.com Logo
Arrive
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Security, or a related field
  • 5+ years of experience in an information security role, with at least 2 years in a leadership position
  • Relevant certifications (CRISC, CISSP, CISA, CISM) are preferred
  • Strategic Mindset: Deep understanding of business goals and objectives, with the ability to align cybersecurity risk management with overall business strategy
  • Risk Management Expertise: Proven ability to identify, assess, and prioritize cybersecurity risks
  • Technical Proficiency: In-depth knowledge of cybersecurity principles, security controls, incident response, and industry frameworks
  • Communication & Collaboration: Excellent communication skills, with the ability to translate complex technical concepts for non-technical audiences
  • Leadership: Proven ability to lead and mentor a team of security professionals
  • Thrive in a Fast-Paced Environment: Experience contributing to and managing cybersecurity within a high-growth company
Job Responsibility
Job Responsibility
  • Risk Management: Proactively identify, assess, and mitigate security risks and vulnerabilities
  • Security Awareness: Develop and deliver engaging training programs to educate employees on security best practices
  • Compliance: Ensure adherence to relevant security standards and regulations (ISO 27001, PCI DSS, GDPR)
  • Policy & Procedure Development: Lead the creation and maintenance of clear and concise security policies and procedures
  • Third-Party Risk Management: Assess and manage the security posture of third-party vendors and partners
  • Data Protection: Define requirements and contribute to implementing Data Loss Prevention (DLP) solutions
  • Security Frameworks: Contribute to the adoption and implementation of industry-leading security frameworks (NIST, CIS)
  • Business Partnership: Collaborate closely with business units to understand their security needs and align with the overall security strategy
  • GRC Program: Operate and mature our Governance, Risk, and Compliance (GRC) program
  • Leadership & Collaboration: Lead and mentor a team of security professionals, fostering a culture of collaboration and continuous improvement
Read More
Arrow Right

Digital Resilience and IT Risk Manager

Our COO Functional Risk Management team embedded in the Digital Resilience Area ...
Location
Location
Spain , Barcelona
Salary
Salary:
Not provided
https://www.allianz.com Logo
Allianz
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in using GRC tools and reporting tools (e.g., PowerBI)
  • A solid track record of achievement and continues development (can be any academic, professional, and/or sport)
  • Strong understanding of risk management frameworks and methodologies
  • Data-driven mindset with experience in data analysis and interpretation
  • excellent analytical and problem-solving skills
  • An organized and methodological approach with strong interpersonal skills
  • Possess a strong sense of curiosity and the ability to think creatively and innovatively
  • 4+ years of experience in Operational, IT, or Information Security (IS) Risk Management, Management Consulting, IT Governance, or a related field
  • Bachelor’s degree or higher in Information Technology, Engineering, Economics, Risk Management, Business Administration, or any related field
Job Responsibility
Job Responsibility
  • Support, coordinate and oversee information Risk Management Lifecycle activities performed by the 1st LoD
  • Actively contributes to identifying improvements and assist in adapting the Risk Management frameworks to address our rapidly evolving risk landscape
  • Coordinate thorough risk assessments to identify, evaluate and mitigate information risks across the organization
  • Ensure adherence to relevant regulatory requirements and internal policies related to information risk management as well as preparing detailed reports and presentations on risk findings, trends and recommendations for senior management and stakeholders
  • Utilize data analytics to support risk assessments, decision-making processes and to drive insights that enhance risk management strategies
  • Work closely with various business units, IT, IS, Risk and compliance teams to ensure alignment and integration of risk management practices
  • Utilize new technologies and feature within our organizational setup to enhance, scale, and optimize existing risk management processes
  • Develop and deliver training programs to enhance awareness and understanding of information risk management across the organization
  • Foster a risk-driven culture and advocate for the benefits of risk management whilst engaging with leadership and functional leads to ensure alignment and support
What we offer
What we offer
  • We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad
  • We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location)
  • From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered
  • Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach
  • Fulltime
Read More
Arrow Right

Director - Governance, Risk and Compliance

We are a fast-growing fintech company seeking a proactive and highly organized G...
Location
Location
United States , New York
Salary
Salary:
175000.00 - 200000.00 USD / Year
clearstreet.io Logo
Clear Street
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of experience in GRC, security compliance, risk management, or related functions
  • Strong understanding of common security frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS)
  • Experience managing audits end-to-end
  • Demonstrated ability to build and maintain governance processes and cross-functional compliance programs
  • Excellent documentation, communication, and stakeholder-management skills
  • Experience in technology, fintech, financial services, or other highly regulated industries
Job Responsibility
Job Responsibility
  • Develop, maintain, and manage the company’s security and compliance policy framework
  • Ensure policies are current, properly communicated, approved, and effectively implemented across the organization
  • Oversee periodic reviews of all internal policies
  • Educate teams on policy requirements and drive adherence
  • Build, implement, and continuously refine the company’s cyber security risk management framework
  • Lead risk identification, assessment, scoring, and periodic re-evaluations
  • Maintain the corporate risk register
  • Manage all internal and external audits including SOC 2, ISO 27001, regulatory exams, and customer due-diligence requests
  • Coordinate and prepare audit evidence
  • Serve as the primary liaison with external auditors, security assessors, and regulatory bodies
What we offer
What we offer
  • Competitive compensation packages
  • Company equity
  • 401k matching
  • Gender-neutral parental leave
  • Full medical, dental and vision insurance
  • Lunch stipends
  • Fully stocked kitchens
  • Happy hours
  • Fulltime
Read More
Arrow Right

Security GRC Manager

We enable Plaid to quickly build safe and secure products while ensuring that Pl...
Location
Location
United States , San Francisco
Salary
Salary:
166800.00 - 282000.00 USD / Year
plaid.com Logo
Plaid
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hands on experience operating security GRC programs that map to industry frameworks: SSAE18 (SOC1 and SOC2), ISO 27001, SOX 404 ITGCs, NIST CSF and 800-53
  • Hands on experience translating framework requirements into practical and testable control objectives
  • Hands on experience operating technology risk management programs, and applying quantitative risk analysis techniques (FAIR) and structured qualitative risk modeling
  • Cloud-Native security controls and architecture literacy
  • Direct customer facing security and trust assurance experience, and stakeholder management
  • Direct auditor facing experience through scoping, evidence collection, testing, and remediations
  • Direct experience building and deploying control automations
  • Working knowledge of modern web application architecture, build and release techniques, incident response, AuthN/AuthZ strategies, data encryption, vulnerability management, third-party risk management, and security training
Job Responsibility
Job Responsibility
  • Own Plaid's Security GRC strategy and roadmap
  • Lead and scale the Security GRC team
  • Run the Compliance and Assurance programs
  • Build internal and external customer and partner trust
  • Accelerate GRC workflows through automation
What we offer
What we offer
  • medical
  • dental
  • vision
  • 401(k)
  • equity
  • commission
  • Fulltime
Read More
Arrow Right

Senior Information Security Compliance Analyst

We're looking for a technically grounded Senior IS Compliance Analyst who speaks...
Location
Location
United States , Chicago
Salary
Salary:
90000.00 - 130000.00 USD / Year
blumeglobal.com Logo
Blume Global
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hands-on experience in technical security roles such as Security Operations, Incident Response, Security Analysis, penetration testing, or similar
  • Practical knowledge of security tools, SIEM platforms, vulnerability management, and security monitoring
  • and ability to read and understand security logs, configurations, and technical documentation
  • 6+ years of total experience with significant time in GRC
  • Working knowledge of ISO 27001, NIST frameworks, SOC 1/2, and GDPR requirements
  • Experience developing and implementing information security policies and controls
  • ISO 27001:2022 Lead Implementer and Lead Auditor certification
Job Responsibility
Job Responsibility
  • Lead technical security assessments and integration of acquired companies, mapping their security architectures and controls to our GRC frameworks, identifying gaps, and building remediation roadmaps that address both technical security and compliance alignment
  • Bridge technical security and business stakeholders by evaluating risks through a technical lens, working alongside security engineering teams to translate GRC requirements into practical security measures, and communicating effectively across technical and non-technical audiences
  • Develop and harmonize security policies and control frameworks across acquired entities, ensuring they're both audit ready and operationally sound, while translating between technical security requirements and governance documentation
  • Own customer security questionnaire responses by leveraging your hands-on security background to provide detailed, accurate answers and collaborating with infrastructure, application security, and operations teams to gather technical evidence
  • Drive continuous improvement of our GRC program through technical security enhancements, meaningful security and compliance metrics, and process improvements that increase both control effectiveness and operational efficiency
What we offer
What we offer
  • health and welfare benefits
  • tuition assistance
  • 401K savings and other retirement programs
  • employee assistance programs
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy