Skip to content
DecagonDecagonSan Francisco, CA

Governance, Risk, and Compliance Manager

Leads execution of GRC compliance programs including SOC 2, ISO 27001, and data privacy certifications. Manages customer security assessments, RFP responses, and vendor risk for enterprise AI platform, requiring 3-5 years GRC experience in SaaS.

190k – 275k
On-site3+ YOELegal

About the role

Responsibilities

  • Drive compliance certifications including SOC 2 Type II, ISO 27001, PCI DSS, HIPAA, and CCPA
  • Automate or execute compliance evidence collection, ensuring all controls are properly documented and audit-ready
  • Maintain and improve security documentation including policies, procedures, and customer-facing security collateral
  • Support customer security assessments by preparing materials for security reviews and helping address technical inquiries from Fortune 500 security teams
  • Manage security and compliance topics in RFPs end-to-end, coordinating responses across engineering, product, and legal teams
  • Coordinate with contractors and vendors to maintain response quality and meet timelines during peak sales periods
  • Build and optimize repeatable processes to scale GRC operations to hundreds of enterprise customers
  • Partner with sales engineering to understand customer security requirements and proactively prepare responses for common concerns
  • Partner with Sales and Customer Success to accelerate deal velocity by proactively addressing customer security concerns with published content
  • Collaborate with Security, Engineering, and Product teams to translate compliance requirements into actionable technical controls and ensure new features meet regulatory standards
  • Establish vendor risk management programs to assess and monitor third-party security risks across our supply chain

Requirements

  • 3-5 years of GRC experience in high-growth SaaS or technology companies, with direct responsibility for compliance programs
  • Proven track record successfully contributing to SOC 2, ISO 27001, or similar enterprise compliance certifications
  • Experience in data privacy regulations including CCPA, GDPR, and emerging AI governance frameworks
  • Strong project management skills with ability to coordinate cross-functional teams under tight deadlines
  • Excellent written and verbal communication skills to translate complex security concepts for diverse audiences
  • Working knowledge of technical security controls and ability to collaborate effectively with engineering teams

Nice-to-Haves

  • Experience with AI/ML compliance frameworks and understanding of unique risks in conversational AI systems
  • Background in healthcare or financial services with knowledge of HIPAA or PCI requirements
  • Track record of building GRC programs at companies scaling from startup to enterprise
  • Experience with GRC platforms like Vanta, Drata, or SecureFrame to automate compliance workflows
  • Understanding of cloud security particularly Google Cloud Platform compliance and security features

Compensation

$190K – $275K + Equity

Skills

SOC 2ISO 27001Pci DssHIPAACCPAGDPRVantaDrataSecureframeGCP

Similar roles

Legal jobs
Mirage

Product Counsel

MirageNew York, NY

Product Counsel serving as embedded legal partner to product, engineering, and research teams at an AI video platform. Advise on generative AI issues including IP, copyright, right of publicity, privacy, and content moderation while building legal processes and triaging company-wide matters.

190k – 280k
On-site5+ YOELegal
Postman

Commercial Counsel

PostmanSan Francisco, CA

Commercial Counsel responsible for drafting, negotiating, and managing enterprise SaaS subscription agreements and strategic partner/channel/reseller agreements at Postman. Requires JD, 5-8 years B2B SaaS legal experience with strong focus on partnership deals, and ability to advise Sales and Partner teams.

190k – 230k
On-site5+ YOELegal
Sigma

Governance, Risk & Compliance Manager

SigmaSan francisco, CA +1

Lead and scale enterprise GRC programs including governance frameworks, ERM, SOC 2/ISO 27001/HIPAA compliance, and third-party risk management. Partner across Legal, Engineering, Product, and Sales to enable secure business growth.

190k – 215k
On-site4+ YOELegal
Fivetran

Product Attorney

FivetranDenver, CO

Product Counsel advising Product and Engineering teams on IP, licensing, privacy, AI, and regulatory issues throughout the product lifecycle at a SaaS data company. Requires 4-7 years SaaS legal experience and a J.D.

190k – 238k
Hybrid4+ YOELegal
Instacart

Product Counsel

InstacartUnited States

Product Counsel embedded with Instacart's product teams to provide strategic legal guidance on new international markets, hardware (Caper carts), and retailer platforms. Advise on e-commerce, privacy, payments, and compliance while using AI tools to streamline processes and act as an enabler to product, engineering, and business teams.

193k – 244k
Remote5+ YOELegal