# Governance, Risk & Compliance Manager

**Company:** [Sigma](https://hotfix.jobs/companies/sigma)
**Location:** San francisco, CA, New York, NY
**Role:** Legal
**Salary:** $190k – $215k/yr
**Experience:** 4+ years
**Skills:** SOC 2, ISO 27001, HIPAA, GDPR, CCPA, Nist Rmf, Coso, Iso 31000, Servicenow Grc, Archer, Logicgate, GCP, AWS, Azure, Vanta
**Posted:** 2026-06-10

> Lead and scale enterprise GRC programs including governance frameworks, ERM, SOC 2/ISO 27001/HIPAA compliance, and third-party risk management. Partner across Legal, Engineering, Product, and Sales to enable secure business growth.

## Job Description

## Governance

- Design and implement governance frameworks, including reporting, policy governance, and control oversight
- Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions
- Build and lead a governance committee structure that provides appropriate oversight and decision-making
- Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
- Partner with leadership to align governance activities with business strategy and risk appetite

## Risk Management

- Develop and operate a comprehensive Enterprise Risk Management (ERM) program
- Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register
- Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
- Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
- Create risk treatment plans and track remediation activities across the organization
- Facilitate risk-informed decision-making at all levels of the organization
- Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately

## Compliance

- Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
- Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
- Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations
- Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations
- Manage security awareness training programs enterprise-wide
- Conduct internal audits and assessments to validate control effectiveness
- Coordinate external audits and assessments with third-party auditors

## Business Enablement

- Support sales and customer success teams with compliance documentation and security inquiries
- Develop customer-facing materials that articulate Sigma's risk management and compliance posture
- Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
- Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation
- Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements

## Required Qualifications

- 4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
- Demonstrated experience building or significantly maturing a GRC program from the ground up
- Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
- Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
- Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
- Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
- Strong business acumen with ability to translate risk and compliance requirements into business value
- Excellent communication skills with ability to influence stakeholders at all levels, including leadership
- Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment
- Collaborative mindset and commitment to enabling business success while managing risk

## Preferred Qualifications

- Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)
- Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective
- Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters
- Familiarity with multi-state or international employment regulations
- Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar)
- Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP
- Experience in high-growth SaaS or technology companies
- Background in both technical and operational risk management
- Experience working in organizations with distributed or remote teams
- Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP

## Compensation & Benefits

- Base salary range: $190,000 - $215,000 annually
- Eligible for stock options
- Comprehensive benefits package
- Generous health benefits
- Flexible time off policy

## Similar roles

- [Product Counsel](https://hotfix.jobs/jobs/21a3b753-c900-4f37-b85a-c7d4c7f70263) - Mirage - New York, NY - $190k – $280k/yr
- [Commercial Counsel](https://hotfix.jobs/jobs/b0bac8e2-0a26-43ba-b935-e40817652e15) - Postman - San Francisco, CA - $190k – $230k/yr
- [Governance, Risk, and Compliance Manager](https://hotfix.jobs/jobs/5e407075-824a-4639-96f7-821772a6f497) - Decagon - San Francisco, CA - $190k – $275k/yr
- [Product Attorney](https://hotfix.jobs/jobs/d19cea93-fb40-4194-adfd-0210c7574d4b) - Fivetran - Denver, CO - $190k – $238k/yr
- [Product Counsel](https://hotfix.jobs/jobs/bef1d075-ec14-481c-b7d9-cf163bf1f0c4) - Instacart - Remote - $193k – $244k/yr

**Apply:** https://hotfix.jobs/jobs/06288482-1df7-4e88-8585-f5b1fa8e07ba
**Canonical:** https://hotfix.jobs/jobs/06288482-1df7-4e88-8585-f5b1fa8e07ba