Lead and scale enterprise GRC programs including governance frameworks, ERM, SOC 2/ISO 27001/HIPAA compliance, and third-party risk management. Partner across Legal, Engineering, Product, and Sales to enable secure business growth.
190k – 215k
On-site4+ YOELegal
About the role
Governance
Design and implement governance frameworks, including reporting, policy governance, and control oversight
Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions
Build and lead a governance committee structure that provides appropriate oversight and decision-making
Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
Partner with leadership to align governance activities with business strategy and risk appetite
Risk Management
Develop and operate a comprehensive Enterprise Risk Management (ERM) program
Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register
Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
Create risk treatment plans and track remediation activities across the organization
Facilitate risk-informed decision-making at all levels of the organization
Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately
Compliance
Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations
Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations
Manage security awareness training programs enterprise-wide
Conduct internal audits and assessments to validate control effectiveness
Coordinate external audits and assessments with third-party auditors
Business Enablement
Support sales and customer success teams with compliance documentation and security inquiries
Develop customer-facing materials that articulate Sigma's risk management and compliance posture
Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation
Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements
Required Qualifications
4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
Demonstrated experience building or significantly maturing a GRC program from the ground up
Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
Strong business acumen with ability to translate risk and compliance requirements into business value
Excellent communication skills with ability to influence stakeholders at all levels, including leadership
Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment
Collaborative mindset and commitment to enabling business success while managing risk
Preferred Qualifications
Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)
Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective
Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters
Familiarity with multi-state or international employment regulations
Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar)
Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP
Experience in high-growth SaaS or technology companies
Background in both technical and operational risk management
Experience working in organizations with distributed or remote teams
Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP
Product Counsel serving as embedded legal partner to product, engineering, and research teams at an AI video platform. Advise on generative AI issues including IP, copyright, right of publicity, privacy, and content moderation while building legal processes and triaging company-wide matters.
190k – 280k
On-site5+ YOELegal
Commercial Counsel
PostmanSan Francisco, CA
Commercial Counsel responsible for drafting, negotiating, and managing enterprise SaaS subscription agreements and strategic partner/channel/reseller agreements at Postman. Requires JD, 5-8 years B2B SaaS legal experience with strong focus on partnership deals, and ability to advise Sales and Partner teams.
190k – 230k
On-site5+ YOELegal
Governance, Risk, and Compliance Manager
DecagonSan Francisco, CA
Leads execution of GRC compliance programs including SOC 2, ISO 27001, and data privacy certifications. Manages customer security assessments, RFP responses, and vendor risk for enterprise AI platform, requiring 3-5 years GRC experience in SaaS.
190k – 275k
On-site3+ YOELegal
Product Attorney
FivetranDenver, CO
Product Counsel advising Product and Engineering teams on IP, licensing, privacy, AI, and regulatory issues throughout the product lifecycle at a SaaS data company. Requires 4-7 years SaaS legal experience and a J.D.
190k – 238k
Hybrid4+ YOELegal
Product Counsel
InstacartUnited States
Product Counsel embedded with Instacart's product teams to provide strategic legal guidance on new international markets, hardware (Caper carts), and retailer platforms. Advise on e-commerce, privacy, payments, and compliance while using AI tools to streamline processes and act as an enabler to product, engineering, and business teams.