Skip to content
MattermostMattermostUnited States

GRC Manager

Own and modernize Mattermost's end-to-end GRC program across federal (CMMC/NIST) and commercial (SOC 2/ISO 27001) markets. Apply GRC engineering, automation, and AI to replace manual processes with continuous monitoring while leading risk management, audits, customer assurance, and team growth.

139k – 168k
Remote7+ YOEOther

About the role

What You'll Do

  • Own and modernize Mattermost's compliance programs across federal and commercial markets
  • Lead readiness, certification, and surveillance cycles across both programs
  • Operate the risk management program end to end — from identification and assessment through treatment and acceptance
  • Own the third-party and vendor risk management program, including security assessments and supply chain risk
  • Apply GRC engineering and automation to replace manual evidence collection with continuous controls monitoring
  • Build AI-native workflows to accelerate and improve the quality of recurring compliance work
  • Maintain the control library, system security plans, POA&Ms, and policies
  • Coordinate external audits from scoping through remediation
  • Accelerate deal cycles by owning customer security questionnaires, trust center content, and reusable compliance artifacts
  • Grow and lead the GRC team as the program scales

What We're Looking For

  • Bachelor's degree in computer science, information security, or related field — or significant professional GRC and compliance experience
  • Proven senior-level experience in governance, risk, and compliance, security compliance, or IT audit, including direct ownership of a certification or authorization program
  • Experience with U.S. Federal standards including CMMC and NIST series (800-171 / 800-53)
  • Experience with ISO 27001 and SOC 2 Type II
  • Experience operating a formal risk management program
  • Experience running a third-party and vendor risk management program
  • Experience owning customer-facing security assurance, including security questionnaires and trust center content
  • Working knowledge of security controls for cloud environments (AWS, GCP, and/or Azure)
  • Excellent written and verbal communication skills

Nice to Have

  • Professional GRC certifications such as CISA, CRISC, CISM, CISSP, or CIPP
  • Experience working with AI platforms such as Claude, OpenAI, or Gemini
  • Experience with compliance automation tooling such as Vanta or Drata, and continuous controls monitoring
  • Direct experience applying AI or LLM-based workflows to GRC tasks
  • Proficiency in no-code automation or scripting languages
  • Past success in critical infrastructure industries including defense, cybersecurity, communications, or manufacturing

How Success Is Measured

  • CMMC Level 2 gap assessment and readiness roadmap delivered within first 90 days
  • SOC 2 Type II and ISO 27001 audit cycles completed on time without slippage
  • Manual evidence collection replaced with automated, continuously monitored controls
  • Customer security questionnaires and trust center content maintained to unblock deal cycles
  • GRC team grown and operating as a scalable, program-driven function

Skills

GRCCmmcNist 800-171Nist 800-53ISO 27001SOC 2Risk ManagementVendor Risk ManagementAWSGCPAzureCompliance AutomationVantaDrataCissp

Similar roles

Bestow

Senior Technical Underwriter

BestowDallas, TX

Senior Technical Underwriter enhancing and auditing an AI-powered instant decision underwriting platform for life insurers. Requires 8+ years underwriting experience, rules engine knowledge, data analysis skills, and audit/UAT experience.

140k – 160k
Remote8+ YOEOther
Huntress

Senior SEO Manager - Citation Outreach

HuntressUnited States

Own offsite SEO strategy and citation outreach programs, writing and placing technical content across third-party sites, partner properties, and LLM sources to drive brand visibility and referral traffic.

140k – 150k
Remote7+ YOEOther
Runpod

Senior Procurement Officer

RunpodUnited States

Lead strategic sourcing, complex high-value contract negotiations, and vendor management for Runpod's cloud infrastructure procurement (tens to hundreds of millions in spend). Requires deep commercial, financial structuring, and legal acumen; embedded with Engineering.

140k – 180k
Remote7+ YOEOther
Fluidstack

Regional HSE Manager, Data Centers

FluidstackBuffalo, NY +3

Leads EHS programs for data center construction sites across multiple states, managing environmental compliance, permitting, contractor safety, audits, and regulatory relationships. Requires 7+ years EHS experience, bachelor's in engineering/environmental science, and AI tool proficiency; 50% travel to sites in IN and NY.

140k – 200k
On-site7+ YOEOther
Parker

Senior Credit Analyst

ParkerNew York, NY

Conducts deep credit assessments for business applications up to $5M+, analyzing financial statements, bank data, and qualitative risks to recommend approve/decline decisions. Requires 5+ years in credit analysis with strong judgment and financial modeling skills.

140k – 160k
On-site5+ YOEOther