As the Manager, GRC and Privacy, you will be instrumental in enhancing and maintaining our integrated GRC and privacy program. You will be responsible for developing and implementing policies, procedures, and controls to ensure compliance with relevant regulations, industry standards, and customer requirements. This role requires a strong understanding of risk management principles, privacy laws, and the ability to translate complex requirements into practical and scalable solutions. You will collaborate closely with legal, security, product, and customer-facing teams to foster a culture of compliance and trust.

Core Responsibilities:

  • Develop, implement, and maintain a comprehensive GRC framework that integrates governance, risk management, and compliance activities.
  • Establish and enforce privacy policies, standards, and procedures in accordance with applicable privacy laws and regulations.
  • Conduct regular risk assessments and audits to identify and evaluate organizational risks and compliance gaps, and develop mitigation strategies.
  • Manage and respond to customer security and privacy questionnaires, audits, and due diligence requests.
  • Collaborate with product and engineering teams to embed privacy by design principles into our platform and development lifecycle.
  • Monitor changes in relevant regulations and industry standards, and proactively update policies and procedures to ensure ongoing compliance.
  • Manage relationships with external auditors.
  • Support the preparation for and execution of compliance certifications and attestations.

Requirements:

  • Bachelor’s degree in a relevant field and relevant certifications are a plus.
  • 5+ years of experience in GRC and/or privacy roles, preferably within a multi-national SaaS or technology company.
  • Strong understanding of risk management methodologies, compliance frameworks, and privacy laws and regulations.
  • Experience conducting risk assessments, internal audits, and developing and implementing policies and procedures.
  • Excellent analytical, problem-solving, and project management skills.
  • Strong written and verbal communication skills, with the ability to effectively communicate complex GRC and privacy concepts to diverse audiences.

The anticipated base salary range for the role is $110,000 – $140,000 per year + variable + equity + benefits. Actual salaries may vary and will be based on factors such as the candidate’s qualifications, skills, competencies, and proficiency for the role. Internal candidates who have current pay within or above the hiring range are still encouraged to apply if interested.
