Manager – Governance, Risk and Compliance (GRC)
Job Description:
- Own and manage SpyCloud’s day-to-day GRC and compliance operations across multiple frameworks, including SOC 2, ISO 27001, NIST, and CMMC 2.0.
- Lead internal and external audit coordination activities, evidence collection, remediation tracking, and control validation efforts.
- Maintain and improve security policies, standards, procedures, and governance documentation.
- Drive ongoing compliance readiness activities and operationalize scalable compliance processes across the business.
- Partner closely with Legal, Security Engineering, DevOps, and Engineering teams to ensure alignment on security and regulatory requirements.
- Conduct enterprise risk assessments and facilitate ongoing risk identification, tracking, remediation, and reporting processes.
- Develop and maintain risk registers and support leadership reporting on security and compliance risks.
- Lead third-party/vendor risk management activities, including security reviews and vendor assessments.
- Support customer trust initiatives, including security questionnaires, compliance inquiries, and due diligence requests.
- Partner with DevOps and Security Engineering teams to strengthen cloud security governance across AWS and cloud-native environments.
- Ensure security controls are aligned with compliance frameworks and operational best practices.
- Support implementation and monitoring of governance controls related to cloud infrastructure, identity management, logging, vulnerability management, and secure development practices.
- Contribute to ongoing security awareness and compliance education initiatives across the organization.
- Manage and mentor direct report(s), supporting professional growth and operational excellence within the GRC function.
- Collaborate with technical and non-technical stakeholders to drive accountability and operational maturity.
- Help prioritize remediation efforts and compliance initiatives based on business risk and organizational goals.
- Support the Senior Director of Governance, Risk and Information Security in scaling SpyCloud’s overall security governance program.
Requirements:
- 6+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, Security Compliance, or related fields.
- Demonstrated hands-on experience managing operational compliance programs within SaaS, cloud, or cybersecurity environments.
- Proven experience supporting and maintaining compliance frameworks such as:
- SOC 2
- ISO 27001
- NIST
- CMMC 2.0
- Experience leading audits, managing evidence collection, and coordinating remediation activities.
- Experience with third-party/vendor risk management and enterprise risk assessment processes.
- Experience working cross-functionally with Legal, Engineering, DevOps, Security, and executive stakeholders.
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, Business, or related field, or equivalent practical experience.
- Strong understanding of security governance, compliance operations, and risk management practices.
- Familiarity with cloud security concepts and governance within AWS or similar cloud environments.
- Strong organizational and project management skills with the ability to manage multiple priorities simultaneously.
- Excellent written and verbal communication skills.
- Ability to translate compliance requirements into practical operational processes.
- Strong analytical, documentation, and problem-solving skills.
Benefits:
- 401(k) with Employer Contribution
- Health, Vision, and Dental Insurance
- Health Savings Account (HSA) available with Employer Contribution
- Employer Paid Life, Short-term, and Long-term Disability Insurance
- Generous PTO Plan and 16 paid holidays per year