Manager – Governance, Risk and Compliance (GRC)

Job Description:

• Own and manage SpyCloud’s day-to-day GRC and compliance operations across multiple frameworks, including SOC 2, ISO 27001, NIST, and CMMC 2.0.
• Lead internal and external audit coordination activities, evidence collection, remediation tracking, and control validation efforts.
• Maintain and improve security policies, standards, procedures, and governance documentation.
• Drive ongoing compliance readiness activities and operationalize scalable compliance processes across the business.
• Partner closely with Legal, Security Engineering, DevOps, and Engineering teams to ensure alignment on security and regulatory requirements.
• Conduct enterprise risk assessments and facilitate ongoing risk identification, tracking, remediation, and reporting processes.
• Develop and maintain risk registers and support leadership reporting on security and compliance risks.
• Lead third-party/vendor risk management activities, including security reviews and vendor assessments.
• Support customer trust initiatives, including security questionnaires, compliance inquiries, and due diligence requests.
• Partner with DevOps and Security Engineering teams to strengthen cloud security governance across AWS and cloud-native environments.
• Ensure security controls are aligned with compliance frameworks and operational best practices.
• Support implementation and monitoring of governance controls related to cloud infrastructure, identity management, logging, vulnerability management, and secure development practices.
• Contribute to ongoing security awareness and compliance education initiatives across the organization.
• Manage and mentor direct report(s), supporting professional growth and operational excellence within the GRC function.
• Collaborate with technical and non-technical stakeholders to drive accountability and operational maturity.
• Help prioritize remediation efforts and compliance initiatives based on business risk and organizational goals.
• Support the Senior Director of Governance, Risk and Information Security in scaling SpyCloud’s overall security governance program.

Requirements:

• 6+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, Security Compliance, or related fields.
• Demonstrated hands-on experience managing operational compliance programs within SaaS, cloud, or cybersecurity environments.
• Proven experience supporting and maintaining compliance frameworks such as:
• SOC 2
• ISO 27001
• NIST
• CMMC 2.0
• Experience leading audits, managing evidence collection, and coordinating remediation activities.
• Experience with third-party/vendor risk management and enterprise risk assessment processes.
• Experience working cross-functionally with Legal, Engineering, DevOps, Security, and executive stakeholders.
• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Business, or related field, or equivalent practical experience.
• Strong understanding of security governance, compliance operations, and risk management practices.
• Familiarity with cloud security concepts and governance within AWS or similar cloud environments.
• Strong organizational and project management skills with the ability to manage multiple priorities simultaneously.
• Excellent written and verbal communication skills.
• Ability to translate compliance requirements into practical operational processes.
• Strong analytical, documentation, and problem-solving skills.

Benefits:

• 401(k) with Employer Contribution
• Health, Vision, and Dental Insurance
• Health Savings Account (HSA) available with Employer Contribution
• Employer Paid Life, Short-term, and Long-term Disability Insurance
• Generous PTO Plan and 16 paid holidays per year