215 grc lead jobs at 166 companies in United States

1mo
Save
Mark Applied
Hide
GRC Lead
San Francisco, California, United States
HybridFull Time
Brain Co.
Brain Co.: Builds AI software platforms for governments and large enterprises.
8+ YOE8+ years building and running GRC programs in regulated environments; hands-on with SOC 2 Type II, HIPAA, ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA.
Azure, policy-as-code, audit tooling
2mo
Save
Mark Applied
Hide
Senior GRC Lead
Seattle, Washington, United States
$154k-$192k/yr HybridFull Time
Brex
Brex: Corporate cards and spend management software for businesses.
5+ YOE5+ years in GRC/IT governance or security engineering; deep SOC 2, PCI DSS, ISO 27001, NIST CSF; Python and API integrations; automation and scalable security metrics.
Python, APIs, Terraform, Tines, SOAR
1mo
Save
Mark Applied
Hide
Founding GRC Lead
San Francisco, California, United States
$175k-$225k/yr OnsiteFull Time
Pallet
Pallet: Automating logistics and supply chain workflows using AI agents.
7+ YOE7+ years GRC/security compliance experience; ownership of SOC 1/SOC 2 Type II cycles, GDPR/CCPA privacy, vendor risk; technical familiarity with AWS/GCP and compliance automation; certifications (CISA, CISSP, ISO 27001 LA) a plus.
AWS, GCP
3w
Save
Mark Applied
Hide
Senior Security GRC Lead
Austin or Chicago or New York City or Salt Lake City or San Francisco
$121k-$185k/yr OnsiteFull Time
Gong
Gong: AI platform analyzing customer interactions to improve sales performance.
7+ YOE7+ years building/scaling GRC or InfoSec programs, deep expertise with SOC 2/ISO/NIST frameworks, hands-on GRC tooling, policy and risk assessment experience, bachelor’s preferred, relevant certifications strongly preferred.
SOC 2, SOC 2 Type II, ISO 27001, ISO 27017, ISO 27701, ISO 27018, HIPAA, PCI, NIST CSF, GDPR, CCPA, GRC platform
3mo
Save
Mark Applied
Hide
Sr. Manager GRC
San Jose, California, United States
$179k-$257k/yr OnsiteFull Time
Bloom Energy
Bloom EnergyNYSE: BE: Manufactures solid oxide fuel cell systems for onsite power.
12+ YOELead governance, risk, and compliance program; manage risk assessments; ensure ISO27001/NIST CIS/GDPR/CCPA; lead GRC team; collaborate across functions.
GRC tools, Policy management, Compliance tooling
2mo
Save
Mark Applied
Hide
Security GRC Lead
San Francisco, California, United States
$149k-$224k/yr HybridFull Time
Salesforce
SalesforceNYSE: CRM: Sells cloud-based customer relationship management and business software solutions.
3+ YOE3-5+ years FedRAMP and software security governance; project/program management; experience with GovCloud, and certifications like CISSP/CISA/CISM.
FedRAMP, NIST 800-53, 3PAO, SSP, POA&M, CMMC, R&D, DevSecOps
2w
Save
Mark Applied
Hide
Senior GRC Analyst
Orlando, Florida, United States
OnsiteFull Time
Morgan & Morgan
Morgan & Morgan: Provides legal representation for personal injury and consumer litigation.
4+ YOE4+ years in GRC/IT audit/compliance/information security; hands-on GRC platform experience (Vanta preferred); strong knowledge of ISO 27001, NIST CSF, CIS v8.1; ISC2 or ISACA certification required; experience leading audits and vendor risk assessments.
Vanta, ISO 27001, NIST CSF, CIS v8.1
2w
Save
Mark Applied
Hide
IT GRC Lead Analyst
Westfield Center, Ohio, United States
HybridFull Time
Westfield
Westfield: Provides property, casualty, and specialty insurance and surety solutions.
7+ YOE7+ years in IT GRC, information security, or IT audit; Bachelor's in IT/cybersecurity or related; CISSP/CISA/CRISC/CISM/CGEIT preferred; subject-matter expertise in IT governance, controls, risk assessment, and compliance; must be authorized to work in the U.S. without sponsorship.
3w
Save
Mark Applied
Hide
GRC Automation & Assurance Lead
New York, New York, United States
$214k-$255k/yr OnsiteFull Time
Rokt
Rokt: Provides AI-driven personalization for ecommerce transaction checkouts.
4+ YOE4+ years GRC/audit experience in tech, working knowledge of ISO/SOC/NIST/privacy frameworks, hands-on audit experience, experience designing agentic AI systems, familiarity with cloud (AWS), APIs, SQL, Git, and basic scripting (Python/TypeScript).
Claude Code, Cursor, Copilot, Google ADK, LangGraph, OpenAI Agents SDK, MCP, OWASP Agentic Top 10, NIST AI RMF, ISO 27001, SOC 1, SOC 2, NIST CSF, GDPR, CCPA, CPRA, PCI-DSS, CIS, SCF, ISO 42001, AWS, APIs, SQL, Git, GitHub, Python, TypeScript, Jira
2w
Save
Mark Applied
Hide
RMF / GRC Lead
Bethesda, Maryland, United States
OnsiteContract
Softek International
Softek International: Provides IT modernization and systems integration for federal agencies.
Active Secret clearance required; expertise with RMF lifecycle, NIST SP 800-37/800-53 Rev.5, C-SCRM/EO 14028, SBOM review, audit support, enterprise risk governance, and QA review of authorization packages.
RMF, NIST SP 800-37, NIST SP 800-53 Rev.5, EO 14028, SBOM
2mo
Save
Mark Applied
Hide
Cybersecurity GRC Compliance Lead
Chicago, Illinois, United States
$83k-$141k/yr OnsiteFull Time
Northern Trust
Northern TrustNASDAQ: NTRS: Financial services for individuals, families, and global institutions.
7+ YOE7+ years in cybersecurity with focus on assurance or audit; strong knowledge of cyber regulations and risk frameworks; CISSP/CISM/CRISC or similar; excellent communication and stakeholder management.
SOC2, SOX, cyber controls, regulatory reporting, audit coordination
1mo
Save
Mark Applied
Hide
Senior Director, IT & Security GRC
Richardson, Texas, United States
$138k-$236k/yr HybridFull Time
RealPage
RealPage: Provides AI-enabled property management and data analytics software solutions.
12+ YOE7+ MgmtLead IT risk, SOX ITGC, and GRC programs; build unified risk library; oversee executive risk reporting; manage 12+ years of tech risk leadership.
NIST CSF 2.0, COBIT 2019, ISO 27001, MITRE ATT&CK, GRC tools, AI risk tools
1w
Save
Mark Applied
Hide
Lead Specialist - IT SAP GRC/Security
Houston, Texas, United States
OnsiteFull Time
Energy Transfer
Energy TransferNYSE: ET: Operates energy infrastructure including pipelines, storage, and terminals.
Bachelor's or equivalent and 8+ years SAP security/GRC experience including S4/Fiori, GRC Access Control, SOX/internal controls, 2 full lifecycle SAP projects, audit remediation, and mentoring skills.
S4, Fiori, BPC 11.0, O-BPC, E HANA, Solman, GRC 12, GRC 10.1, MSMP, BRF+, SailPoint IdM
1mo
Save
Mark Applied
Hide
Senior Lead, SAP Security, GRC & Compliance- - PVH Corp.
Bridgewater, New Jersey, United States
$105k-$141k/yr HybridFull Time
PVH
PVHNYSE: PVH: Designs and markets global apparel and lifestyle brands.
8+ YOEBachelor's in Computer Science, Accounting or related; 8+ years SAP Security and GRC experience; expertise with SAP roles/authorization, GRC modules, SoD analysis, compliance (SOX/GDPR/HIPAA/NIST); strong communication and problem-solving.
S/4HANA, EWM, FMS CAR, Fiori, BW, ECC, SAP GRC Access Control, SAP GRC Process Control, SAP GRC Risk Management, SU24, PFCG, SAP RISE
1mo
Save
Mark Applied
Hide
GRC Risk Manager
Los Angeles or United States
$108k-$180k/yr OnsiteFull Time
SHEIN
SHEIN: Global online retailer selling affordable fashion and lifestyle products.
7+ YOE7+ years in information security risk management; bachelor’s degree; CISSP/CISM/CISA or ISO 27001 Lead Auditor desirable; strong standards knowledge; team leadership experience.
GRC tools
1mo
Save
Mark Applied
Hide
Lead, Information Risk and GRC (Miramar, FL, US, 33132)
Miramar, Florida, United States
OnsiteFull Time
Royal Caribbean Group
Royal Caribbean GroupNew York Stock Exchange: RCL: Operates a global fleet of cruise ships.
5+ YOE5+ MgmtResponsible for leading third‑party risk and GRC programs; requires 5+ years in information security/IT/risk/audit, 5+ years managing projects/teams, info security certification (e.g., CISSP, CISM), GRC platform experience.
ServiceNow GRC, RSA Archer, MetricStream, NIST CSF, ISO 27001
2mo
Save
Mark Applied
Hide
Senior Manager, Security GRC
Denver or São Paulo or Colombia or Argentina or United States or Brazil or Costa Rica
RemoteContract
AspenView: Provides nearshore software engineering and digital transformation services.
12+ YOE5+ Mgmt12+ years in cybersecurity with 5+ years leading enterprise GRC; CISSP or CISM required, CRISC or CGEIT preferred; expertise in NIST, ISO, SOX, GDPR, CMMC; executive advisory and team leadership skills.
NIST CSF, NIST RMF, ISO 27001, ISO 31000, SOX, GDPR, CMMC
4d
Save
Mark Applied
Hide
Sr. Director, GRC, IT Controls & Cyber Culture, Orthopedics
Raritan or West Chester or Palm Beach Gardens or Warsaw or Raynham
$178k-$307k/yr HybridFull Time
Johnson & Johnson
Johnson & JohnsonNYSE: JNJ: Provides pharmaceutical products and medical technology healthcare solutions.
12+ YOE12+ years cybersecurity/GRC experience, bachelor\u0002s required (master\u0002s preferred), proven experience building enterprise GRC, SOX/IT controls, audit readiness, and leading cybersecurity teams; travel up to 20%.
3w
Save
Mark Applied
Hide
Lead GRC Analyst (IT/Security)
Austin, Texas, United States
OnsiteFull Time
Ultra Clean Holdings
Ultra Clean HoldingsNASDAQ: UCTT: Provides critical subsystems and cleaning services for semiconductor manufacturing.
3+ YOE3+ years in IT governance, risk, compliance, audit, or related field; bachelor's degree or equivalent experience; professional certifications (CRISC, CISA, CISM, CISSP) preferred; experience with control testing, risk registers, third-party risk, and audit readiness.
CIS, NIST CSF, ISO 27001, SOC 2, SOX, ITGC
2w
Save
Mark Applied
Hide
GRC SOX Project Lead
Atlanta, Georgia, United States
OnsiteFull Time
Tech Mahindra
Tech MahindraNational Stock Exchange of India: TECHM: Global provider of information technology and business process services.
6+ YOEBachelor's degree required; 6+ years experience in SOX/ITGC with expertise in control design, operating effectiveness, deficiency management, evidence validation, audit support, and remediation advisory.