Governance, Risk & Compliance Manager

190k – 215k | New York, NY; San Francisco, CA | Onsite | 4+ YOE
Summary

Lead and scale enterprise GRC programs including governance frameworks, ERM, SOC 2/ISO 27001/HIPAA compliance, and third-party risk management. Partner across Legal, Engineering, Product, and Sales to enable secure business growth.

About the role

Governance

  • Design and implement governance frameworks, including reporting, policy governance, and control oversight
  • Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions
  • Build and lead a governance committee structure that provides appropriate oversight and decision-making
  • Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
  • Partner with leadership to align governance activities with business strategy and risk appetite

Risk Management

  • Develop and operate a comprehensive Enterprise Risk Management (ERM) program
  • Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register
  • Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
  • Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
  • Create risk treatment plans and track remediation activities across the organization
  • Facilitate risk-informed decision-making at all levels of the organization
  • Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately

Compliance

  • Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
  • Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
  • Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations
  • Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations
  • Manage security awareness training programs enterprise-wide
  • Conduct internal audits and assessments to validate control effectiveness
  • Coordinate external audits and assessments with third-party auditors

Business Enablement

  • Support sales and customer success teams with compliance documentation and security inquiries
  • Develop customer-facing materials that articulate Sigma's risk management and compliance posture
  • Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
  • Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation
  • Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements

Required Qualifications

  • 4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
  • Demonstrated experience building or significantly maturing a GRC program from the ground up
  • Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
  • Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
  • Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
  • Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
  • Strong business acumen with ability to translate risk and compliance requirements into business value
  • Excellent communication skills with ability to influence stakeholders at all levels, including leadership
  • Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment
  • Collaborative mindset and commitment to enabling business success while managing risk

Preferred Qualifications

  • Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)
  • Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective
  • Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters
  • Familiarity with multi-state or international employment regulations
  • Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar)
  • Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP
  • Experience in high-growth SaaS or technology companies
  • Background in both technical and operational risk management
  • Experience working in organizations with distributed or remote teams
  • Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP

Compensation & Benefits

  • Base salary range: $190,000 - $215,000 annually
  • Eligible for stock options
  • Comprehensive benefits package
  • Generous health benefits
  • Flexible time off policy

Skills

SOC 2, ISO 27001, HIPAA, GDPR, CCPA, NIST RMF, COSO, ISO 31000, ServiceNow GRC, Archer, LogicGate, GCP, AWS, Azure, Vanta