# Manager, GRC Subject Matter Experts, Product

**Company:** [Vanta](https://hotfix.jobs/companies/vanta)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $230k – $311k/yr
**Experience:** 7+ years
**Skills:** GRC, SOC 2, ISO 27001, HIPAA, Pci Dss, Nist Csf, Nist 800-53, FedRAMP, Risk Management, Compliance Frameworks, Control Mapping, Evidence Collection, Policy Management, Third-Party Risk Management, Ai-Assisted Compliance
**Posted:** 2026-05-20

> Lead and develop a team of GRC subject matter experts responsible for the lifecycle, quality, and product integration of Vanta's security and compliance frameworks. Own end-to-end framework release processes while partnering with Product and Engineering.

## Job Description

## What you’ll do

- Hire, mentor, and develop a team of SMEs covering commercial frameworks, government frameworks, test authoring, framework quality uplift, and framework maintenance
- Build a stable, motivated team environment with clear operating rhythms and delegate effectively to grow ownership and capability
- Connect the team's roadmap and content priorities to Vanta's broader product and company strategy
- Create open feedback loops and adapt communication of priorities, decisions, and risks across audiences
- Lead the team through change while holding yourself and them accountable for commitments
- Own and govern Vanta's framework release process end-to-end, partnering with Product and Engineering
- Drive program management work including new framework launches, updates, customer escalations, content requests, and licensing/pricing input
- Track team performance and report KPIs including framework release velocity, content quality, adoption, and customer impact
- Break down ambiguous priorities across framework launches, updates, test authoring, and quality uplift into actionable decisions
- Lead the quality uplift effort for older commercial frameworks to ensure consistent standards for control wording, evidence specificity, and testing method
- Set direction for crosswalks and mappings across security and privacy frameworks, including canonical control IDs and evidence data dictionaries
- Steer the team's contribution to the broader GRC product surface including risk management, POA&M, policy management, access reviews, Trust Center, and third-party risk management
- Partner with Product Management and Design to ensure SMEs are effective product advisors across discovery, PRD authoring, UI/UX review, and usability testing
- Champion AI-assisted compliance by coaching SMEs to translate domain knowledge into machine-readable specs and partnering with Engineering and ML to ship LLM-powered guidance
- Partner with Sales, Customer Success, and Product Marketing to represent the framework portfolio externally
- Serve as a senior escalation point for customer issues related to framework content, scoping, and interpretation

## How to be successful

- 7+ years of GRC and/or Information Security experience with hands-on implementation or assessment across multiple frameworks (SOC 2, ISO 27001/27701, HIPAA, PCI DSS, NIST CSF/800-53)
- 2+ years of experience managing technical or subject matter expert teams
- Experience owning or contributing to programs that span Product, Engineering, and GTM
- Strong program management instincts and comfort defining process and driving prioritization
- Deep GRC craft including controls, risks, testing approaches, evidence standards, and program operations
- Product mindset with ability to coach the team on translating customer and regulatory needs into productizable capabilities
- Technical and automation fluency with AI-augmented tools to accelerate drafting of specs, mappings, and test logic
- Analytical and detail-oriented with skill in precise control wording, mapping accuracy, and evidence specificity
- Excellent written and verbal communication and ability to partner effectively with engineers, designers, GTM teams, auditors, and customers

## Similar roles

- [Senior Engineer, Agentic Identity](https://hotfix.jobs/jobs/854f4cd6-219a-48bf-b2b4-4cdaef0947e3) - Baselayer - San Francisco, CA - $230k – $340k/yr
- [Security Engineer, Detection and Response](https://hotfix.jobs/jobs/ad36f4af-adb4-4f56-9cf2-412bc3302227) - Notion - San Francisco, CA - $230k – $260k/yr
- [Security Engineer - Tech Lead](https://hotfix.jobs/jobs/8cfaaaab-7daf-4731-8dc4-6131fca0e597) - Luma AI - Palo Alto, CA - $230k – $360k/yr
- [Security Architecture Lead](https://hotfix.jobs/jobs/f0fce5f5-9d5e-42ec-ade2-3a5d749ca2f8) - Replit - Foster City, CA - $228k – $363k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/62309998-452a-45f9-8dd9-ed880eb50a2d) - Vanta - Remote - $227k – $267k/yr

**Apply:** https://hotfix.jobs/jobs/36e666cc-cc41-42c2-a93f-0fd3c7363c35
**Canonical:** https://hotfix.jobs/jobs/36e666cc-cc41-42c2-a93f-0fd3c7363c35