Skip to content
VantaVantaUnited States

Manager, GRC Subject Matter Experts, Product

Lead and develop a team of GRC subject matter experts responsible for the lifecycle, quality, and product integration of Vanta's security and compliance frameworks. Own end-to-end framework release processes while partnering with Product and Engineering.

230k – 311k
Remote7+ YOESecurity Engineering

About the role

What you’ll do

  • Hire, mentor, and develop a team of SMEs covering commercial frameworks, government frameworks, test authoring, framework quality uplift, and framework maintenance
  • Build a stable, motivated team environment with clear operating rhythms and delegate effectively to grow ownership and capability
  • Connect the team's roadmap and content priorities to Vanta's broader product and company strategy
  • Create open feedback loops and adapt communication of priorities, decisions, and risks across audiences
  • Lead the team through change while holding yourself and them accountable for commitments
  • Own and govern Vanta's framework release process end-to-end, partnering with Product and Engineering
  • Drive program management work including new framework launches, updates, customer escalations, content requests, and licensing/pricing input
  • Track team performance and report KPIs including framework release velocity, content quality, adoption, and customer impact
  • Break down ambiguous priorities across framework launches, updates, test authoring, and quality uplift into actionable decisions
  • Lead the quality uplift effort for older commercial frameworks to ensure consistent standards for control wording, evidence specificity, and testing method
  • Set direction for crosswalks and mappings across security and privacy frameworks, including canonical control IDs and evidence data dictionaries
  • Steer the team's contribution to the broader GRC product surface including risk management, POA&M, policy management, access reviews, Trust Center, and third-party risk management
  • Partner with Product Management and Design to ensure SMEs are effective product advisors across discovery, PRD authoring, UI/UX review, and usability testing
  • Champion AI-assisted compliance by coaching SMEs to translate domain knowledge into machine-readable specs and partnering with Engineering and ML to ship LLM-powered guidance
  • Partner with Sales, Customer Success, and Product Marketing to represent the framework portfolio externally
  • Serve as a senior escalation point for customer issues related to framework content, scoping, and interpretation

How to be successful

  • 7+ years of GRC and/or Information Security experience with hands-on implementation or assessment across multiple frameworks (SOC 2, ISO 27001/27701, HIPAA, PCI DSS, NIST CSF/800-53)
  • 2+ years of experience managing technical or subject matter expert teams
  • Experience owning or contributing to programs that span Product, Engineering, and GTM
  • Strong program management instincts and comfort defining process and driving prioritization
  • Deep GRC craft including controls, risks, testing approaches, evidence standards, and program operations
  • Product mindset with ability to coach the team on translating customer and regulatory needs into productizable capabilities
  • Technical and automation fluency with AI-augmented tools to accelerate drafting of specs, mappings, and test logic
  • Analytical and detail-oriented with skill in precise control wording, mapping accuracy, and evidence specificity
  • Excellent written and verbal communication and ability to partner effectively with engineers, designers, GTM teams, auditors, and customers

Skills

GRCSOC 2ISO 27001HIPAAPci DssNist CsfNist 800-53FedRAMPRisk ManagementCompliance FrameworksControl MappingEvidence CollectionPolicy ManagementThird-Party Risk ManagementAi-Assisted Compliance
Baselayer

Senior Engineer, Agentic Identity

BaselayerSan Francisco, CA

Build and own core components of KYA (Know Your Agent), a cryptographic identity substrate for AI agents using verifiable credentials, JWS, OAuth, and Merkle logs. Requires production experience shipping cryptographically correct identity systems in Python and Go.

230k – 340k
Hybrid5+ YOESecurity Engineering
Notion

Security Engineer, Detection and Response

NotionSan Francisco, CA +1

Build and operate detection systems for cloud, identity, endpoints, and SaaS. Design high-signal detections, improve detection platforms, and participate in incident response.

230k – 260k
Hybrid6+ YOESecurity Engineering
Luma AI

Security Engineer - Tech Lead

Luma AIPalo Alto, CA

Lead design and implementation of security foundations including access governance, RBAC/ABAC, secrets management, and agent permissions for AI platforms. Partner with teams to embed secure practices while maintaining velocity; requires hands-on coding and production security experience.

230k – 360k
HybridSecurity Engineering
Replit

Security Architecture Lead

ReplitFoster City, CA

Leads security architecture for a multi-tenant SaaS platform, defining vision, mentoring engineers, conducting reviews, and managing risks. Requires 8+ years in security engineering, technical leadership, and cloud-native expertise, especially GCP.

228k – 363k
Hybrid8+ YOESecurity Engineering
Vanta

Senior Security Engineer

VantaUnited States

Senior Security Engineer owning risk identification, threat modeling, vulnerability management, and secure architecture projects. Partners with engineering to build security culture and tools while minimizing operational friction. Requires independent ownership, software development experience, and strong collaboration skills.

227k – 267k
Remote5+ YOESecurity Engineering