Velera: Integrated fintech and payment processing solutions for credit unions.
8+ YOE8+ years in cyber GRC or related fields, 5+ years in GRC program management, experience implementing GRC tools (Optro,Vanta,Drata,OneTrust), PCI/NIST/SOC audit experience, strong stakeholder and program skills.
Lendistry: Technology-enabled lender providing capital to small businesses.
3+ YOE3-5 years in GRC, data privacy, risk management; SOC 2 and GLBA; cloud experience (AWS/Azure); privacy engineering; CIPT/CDPSE required; CIPM/CISSP preferred; B.S. in CS/Info Security or equivalent.
SHEIN: Global online retailer selling affordable fashion and lifestyle products.
7+ YOE7+ years in information security risk management; bachelor’s degree; CISSP/CISM/CISA or ISO 27001 Lead Auditor desirable; strong standards knowledge; team leadership experience.
CloudZero: Platform for cloud cost intelligence and FinOps optimization.
5+ YOE5+ years in governance, risk, and compliance, SaaS/cloud focus; SOC 2/audit experience; knowledge of COSO/ISO 31000/NIST RMF; GDPR/CCPA controls.
Mattermost: Secure collaboration platform for defense and enterprise teams.
Owner of governance, risk, and compliance programs with federal and commercial experience; familiarity with NIST, CMMC, ISO 27001, SOC 2, third-party risk, and cloud security; strong communication and program leadership.
Claude, OpenAI, Gemini, Vanta, Drata, AWS, GCP, Azure, Microsoft Teams, Outlook, Microsoft 365
Sydney or Melbourne or San Francisco or London or United States
HybridFull Time
Deputy: Workforce management software for scheduling and managing hourly employees.
5+ YOE5+ years GRC experience in a fast-paced SaaS environment; hands-on audit execution; expertise in ISO 27001, SOC2, PCI-DSS and emerging AI standards; policy writing, risk assessments, and stakeholder engagement; advanced security/privacy certs preferred.
ISO 27001, SOC2, PCI-DSS, ISO 42001 (AI), NIST AI, NIST Privacy Framework
ModineNYSE: MOD: Manufactures thermal management systems and HVAC equipment.
5+ YOE5+ years in Information Security GRC, IT Audit, or IT Compliance with ITGC/SOX experience, GRC tool configuration, framework knowledge, strong process and project management skills.
SMBC GroupNew York Stock Exchange: SMFG: Provides global banking, investment, securities, and consumer finance services.
5+ YOEBachelor's in IT/InfoSec,5+ years IT audit/assurance experience,knowledge of IT controls,regulations and frameworks;strong communication,analytical and project management skills.
Vercel: Frontend cloud platform for building and hosting web applications.
3+ YOE3+ years supporting audit lifecycle in cloud environments; manage ISO/SOC/HIPAA/PCI compliance, collaborate with engineering, strong project management and communication; familiarity with cloud and GRC tools.
Denver or São Paulo or Colombia or Argentina or United States or Brazil or Costa Rica
RemoteContract
AspenView: Provides nearshore software engineering and digital transformation services.
12+ YOE5+ Mgmt12+ years in cybersecurity with 5+ years leading enterprise GRC; CISSP or CISM required, CRISC or CGEIT preferred; expertise in NIST, ISO, SOX, GDPR, CMMC; executive advisory and team leadership skills.
NIST CSF, NIST RMF, ISO 27001, ISO 31000, SOX, GDPR, CMMC
VeracyteNASDAQ: VCYT: Provides genomic diagnostic tests for precise cancer diagnosis.
6+ YOE6+ years in audit, regulatory compliance, cybersecurity GRC, or risk management; hands-on IT SOX/ITGC experience; familiarity with COSO, NIST RMF, ISO 27001/27005; strong cross-functional leadership and audit management; Bachelor’s required.
Signet JewelersNYSE: SIG: Global retailer of diamond jewelry and professional jewelry services.
10+ YOELead governance, risk, and compliance program; 10+ years information security/risk; 2–3+ years GRC; strong frameworks; audits; bachelor’s degree; excellent communication and project management.
OpenAI: Develops artificial intelligence models and generative AI software services.
Experienced GRC/product assurance professional with product launch review, customer trust, and security compliance experience; able to build operating models, automation, metrics, and clear customer-facing security narratives.
Greystar: Provides global property management and real estate investment services.
8+ YOE2+ Mgmt8+ years in information security with 4+ years focused on GRC and 2+ years people-management. Bachelor's or equivalent, experience with risk management, third-party risk, compliance frameworks (ISO 27001, NIST, SOC 2), GRC platforms, cloud environments, and security awareness programs.
Hyperproof, OneTrust, Archer, AWS, GCP, Azure, SIG, CAIQ, ISO 27001, PCI DSS, SOX, GDPR, CCPA, ISO 42001, NIST AI RMF, SOC 2, NIST 800-53