GRC Program Manager
Remote (United States)
About the Role
This opportunity is for a GRC Program Manager to build, manage, and scale governance, risk, and compliance programs in a regulated financial technology environment. The role owns audit execution, control documentation, risk management, vendor due diligence, compliance workflows, and customer trust support.
This position is ideal for someone who can execute hands-on compliance work while also designing scalable systems, templates, playbooks, and processes that support long-term operational maturity.
Job Type: Full-time
Compensation: $95,000 – $135,000 per year, plus equity
What You’ll Do
- Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles
- Manage audit scoping, control testing, evidence collection, auditor coordination, and remediation tracking
- Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation
- Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and maturity improvements
- Facilitate risk assessments for systems, vendors, products, and business initiatives
- Maintain risk registers, mitigation plans, and executive reporting on residual risk
- Partner with engineering and infrastructure teams to translate security requirements into practical technical controls
- Support controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response
- Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing third-party monitoring
- Support customer security reviews, security questionnaires, and trust documentation for enterprise and financial partnerships
- Build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality
- Maintain dashboards and reporting on audit status, control health, remediation progress, and overall risk posture
- Collaborate with product, sales, engineering, operations, and leadership teams to align priorities and drive outcomes
Qualifications
- 3–6+ years of experience in governance, risk, compliance, audit, or information security roles
- Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits
- Experience with PCI DSS and ISO 27001 strongly preferred
- Strong working knowledge of SOC, ISO 27001, NIST CSF, PCI DSS, and practical control operations
- Experience working cross-functionally with engineering, product, and operations teams in a technical environment
- Ability to build and maintain high-quality documentation, evidence, and audit artifacts
- Comfort working in fast-moving environments with changing priorities and ambiguity
- Ability to build systems from 0 to 1, including scalable frameworks, templates, and playbooks
- Experience collaborating with product, sales, and engineering teams to align priorities and drive outcomes
- Bachelor’s degree in Information Systems, Computer Science, Business, Risk Management, or a related field, or equivalent practical experience
Preferred Qualifications
- Experience in fintech, payments, banking partnerships, PCI environments, or financial audits
- Experience supporting ISO 27001 certification or operating within an ISO-aligned ISMS
- Experience implementing compliance tooling, evidence automation, or GRC platforms
- Hands-on ownership of third-party risk management workflows
- Experience building or scaling compliance programs in a high-growth environment
Key Skills
- Audit operations, including scoping, walkthroughs, evidence management, remediation tracking, and auditor coordination
- Control design and the ability to translate regulatory requirements into clear, testable, scalable controls
- Risk assessment for systems, vendors, products, and operational processes
- Technical fluency across cloud infrastructure, identity and access management, logging, monitoring, SDLC, and security tooling
- Strong documentation and writing skills for policies, procedures, narratives, and evidence artifacts
- Project management skills to manage multiple audits, initiatives, stakeholders, deadlines, and priorities
- Clear communication with engineers, auditors, leadership, customers, and external partners
- Strong organization, attention to detail, follow-through, and operational discipline
Why This Role Matters
This role supports the development of a strong control environment, reliable audit outcomes, regulatory credibility, and scalable compliance processes. The work helps reduce friction for technical teams, support enterprise customer trust, strengthen security posture, and improve operational maturity through documentation, automation, and continuous improvement.
Work Environment
This is a remote-first, full-time role open to candidates located in the United States only. The position offers flexible working arrangements and the opportunity to make a meaningful impact within a small, high-growth team.
Benefits
- Competitive compensation with equity
- Remote-first culture with flexible working arrangements
- Professional growth opportunities in compliance and risk management
- Opportunity to build scalable compliance infrastructure in a regulated technology environment
- Mission-driven work supporting financial innovation while maintaining high regulatory standards