Skip to content
SigmaSigmaSan francisco, CA

Governance, Risk & Compliance Manager

Lead and scale enterprise GRC programs including governance frameworks, ERM, SOC 2/ISO 27001/HIPAA compliance, and third-party risk management. Partner across Legal, Engineering, Product, and Sales to enable secure business growth.

190k – 215k
On-site4+ YOELegal

About the role

Governance

  • Design and implement governance frameworks, including reporting, policy governance, and control oversight
  • Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions
  • Build and lead a governance committee structure that provides appropriate oversight and decision-making
  • Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
  • Partner with leadership to align governance activities with business strategy and risk appetite

Risk Management

  • Develop and operate a comprehensive Enterprise Risk Management (ERM) program
  • Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register
  • Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
  • Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
  • Create risk treatment plans and track remediation activities across the organization
  • Facilitate risk-informed decision-making at all levels of the organization
  • Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately

Compliance

  • Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
  • Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
  • Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations
  • Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations
  • Manage security awareness training programs enterprise-wide
  • Conduct internal audits and assessments to validate control effectiveness
  • Coordinate external audits and assessments with third-party auditors

Business Enablement

  • Support sales and customer success teams with compliance documentation and security inquiries
  • Develop customer-facing materials that articulate Sigma's risk management and compliance posture
  • Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
  • Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation
  • Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements

Required Qualifications

  • 4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
  • Demonstrated experience building or significantly maturing a GRC program from the ground up
  • Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
  • Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
  • Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
  • Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
  • Strong business acumen with ability to translate risk and compliance requirements into business value
  • Excellent communication skills with ability to influence stakeholders at all levels, including leadership
  • Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment
  • Collaborative mindset and commitment to enabling business success while managing risk

Preferred Qualifications

  • Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)
  • Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective
  • Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters
  • Familiarity with multi-state or international employment regulations
  • Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar)
  • Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP
  • Experience in high-growth SaaS or technology companies
  • Background in both technical and operational risk management
  • Experience working in organizations with distributed or remote teams
  • Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP

Compensation & Benefits

  • Base salary range: $190,000 - $215,000 annually
  • Eligible for stock options
  • Comprehensive benefits package
  • Generous health benefits
  • Flexible time off policy

Skills

SOC 2ISO 27001HIPAAGDPRCCPANist RmfCosoIso 31000Servicenow GrcArcherLogicgateGCPAWSAzureVanta

Similar roles

Legal jobs
Mirage

Product Counsel

MirageNew York, NY

Product Counsel serving as embedded legal partner to product, engineering, and research teams at an AI video platform. Advise on generative AI issues including IP, copyright, right of publicity, privacy, and content moderation while building legal processes and triaging company-wide matters.

190k – 280k
On-site5+ YOELegal
Postman

Commercial Counsel

PostmanSan Francisco, CA

Commercial Counsel responsible for drafting, negotiating, and managing enterprise SaaS subscription agreements and strategic partner/channel/reseller agreements at Postman. Requires JD, 5-8 years B2B SaaS legal experience with strong focus on partnership deals, and ability to advise Sales and Partner teams.

190k – 230k
On-site5+ YOELegal
Decagon

Governance, Risk, and Compliance Manager

DecagonSan Francisco, CA

Leads execution of GRC compliance programs including SOC 2, ISO 27001, and data privacy certifications. Manages customer security assessments, RFP responses, and vendor risk for enterprise AI platform, requiring 3-5 years GRC experience in SaaS.

190k – 275k
On-site3+ YOELegal
Fivetran

Product Attorney

FivetranDenver, CO

Product Counsel advising Product and Engineering teams on IP, licensing, privacy, AI, and regulatory issues throughout the product lifecycle at a SaaS data company. Requires 4-7 years SaaS legal experience and a J.D.

190k – 238k
Hybrid4+ YOELegal
Instacart

Product Counsel

InstacartUnited States

Product Counsel embedded with Instacart's product teams to provide strategic legal guidance on new international markets, hardware (Caper carts), and retailer platforms. Advise on e-commerce, privacy, payments, and compliance while using AI tools to streamline processes and act as an enabler to product, engineering, and business teams.

193k – 244k
Remote5+ YOELegal