CloudZero: Platform for cloud cost intelligence and FinOps optimization.
5+ YOE5+ years in governance, risk, and compliance, SaaS/cloud focus; SOC 2/audit experience; knowledge of COSO/ISO 31000/NIST RMF; GDPR/CCPA controls.
Sydney or Melbourne or San Francisco or London or United States
HybridFull Time
Deputy: Workforce management software for scheduling and managing hourly employees.
5+ YOE5+ years GRC experience in a fast-paced SaaS environment; hands-on audit execution; expertise in ISO 27001, SOC2, PCI-DSS and emerging AI standards; policy writing, risk assessments, and stakeholder engagement; advanced security/privacy certs preferred.
ISO 27001, SOC2, PCI-DSS, ISO 42001 (AI), NIST AI, NIST Privacy Framework
OpenAI: Develops artificial intelligence models and generative AI software services.
Experienced GRC/product assurance professional with product launch review, customer trust, and security compliance experience; able to build operating models, automation, metrics, and clear customer-facing security narratives.
Form Energy: Developing multi-day batteries for grid-scale energy storage.
10+ YOE5+ Mgmt10+ years in cybersecurity/IT GRC with 5+ years leadership; deep ITGC, IAM, EDR/MDR, vulnerability management, incident response, and audit liaison experience; ISO 27001/SOC 2/NIST familiarity; strong executive communication.
Workato: Enterprise platform for automating business workflows and integrating applications.
8+ YOE8+ years in cybersecurity, audits, risk management, or compliance; hands-on FedRAMP experience; cloud security controls; strong communication; eligibility for federal programs.
AWS GovCloud, Azure Government, Google Cloud, NIST 800-53, FedRAMP, PCI-DSS, SOC 2, ISO 27001, 27701
Sierra: Conversational AI platform for building enterprise customer agents
10+ YOE3+ Mgmt10+ years in compliance/security/customer trust, 3+ years building/scaling customer-facing security programs, experience with regulated industries, knowledge of security frameworks and multi-cloud, and experience implementing trust automation platforms.
NIST 800-53, SOC 2, ISO 27001, PCI DSS, HIPAA, AWS, GCP, GDPR, UK GDPR, EU AI Act, SIG, CAIQ, ISO 42001, NIST AI RMF, CRM
SalesforceNYSE: CRM: Sells cloud-based customer relationship management and business software solutions.
3+ YOE3-5+ years FedRAMP and software security governance; project/program management; experience with GovCloud, and certifications like CISSP/CISA/CISM.
San Francisco or New York City or London or Sydney
$190k-$215k/yrOnsiteFull Time
Sigma Computing: Cloud-native analytics platform featuring a spreadsheet-style interface.
4+ YOE4+ years GRC experience in SaaS/tech, proven track record building GRC programs and leading SOC 2/ISO 27001/HIPAA audits, experience with ERM frameworks (COSO, ISO 31000, NIST RMF), data privacy (GDPR/CCPA), policy and control development, strong communication.
Risk Consulting - Risk Technology - Oracle GRC - Manager (New York, NY, US, 10001-8604)
New York or Atlanta or Boston or Chicago or Cleveland or Dallas or Detroit or Pittsburgh or Hoboken or Houston or Los Angeles or McLean or Miami or Minneapolis or North Carolina or Philadelphia or Portland or San Francisco or Seattle or Tampa
$150k-$260k/yrHybridFull Time
EY: Global firm providing audit, tax, and professional consulting services.
5+ YOEBachelor's or master's degree with ~5 years related experience; Oracle security/controls and controls testing experience; strong project management, client service, leadership, communication, analytical skills; valid US driver’s license and passport; willing to travel.
Delinea: Provides identity security and privileged access management software.
4+ YOE4+ years in technical advisory or customer success roles with deep expertise in GRC/IGA, Segregation of Duties, access reviews/certifications, audit evidence collection, and enterprise application integrations.
Fastpath, SAP, Oracle, Microsoft Dynamics, NetSuite, AuditBoard, Workiva
AdobeNASDAQ: ADBE: Provides software for digital media creation and marketing analytics
8+ YOE8–12+ years in strategy, business operations, risk management, or related fields; proven experience building metrics and executive reporting; able to engage and influence executives.
Tata Consultancy ServicesNational Stock Exchange of India: TCS: Global provider of IT services, consulting, and business solutions.
5+ years in cybersecurity/TPRM/GRC with hands-on experience running vendor assessments, managing CAPs, stakeholder escalation, and producing leadership reports.
Ivo: AI-powered contract review and intelligence platform for legal teams.
3+ YOE3–5 years GRC/InfoSec/IT audit experience; hands-on SOC 2 Type II, ISO 27001, CSA STAR, ISO/IEC 42001; experience with Vanta, audits, evidence management, risk assessments, policy maintenance, and strong communication skills.
United States or Canada or Columbus or Austin or San Francisco or New York City
$172k-$238k/yrRemoteFull Time
UpstartNasdaq: UPST: AI-powered lending marketplace for consumer and automotive loans.
8+ YOE3+ MgmtBachelor's or equivalent, 8+ years technology risk/information security/IT audit experience in banking, 3+ years people management, FFIEC/OCC regulatory experience, regulator engagement, and GRC program experience; professional certs preferred.
PenumbraNYSE: PEN: Designs and manufactures medical devices for vascular conditions.
8+ YOEBachelor's in accounting or information systems, 8+ years in IT SOX compliance/InfoSec/IT risk, experience with SOX 404, ITGCs/ITACs, SAP and GRC platforms preferred, strong communication and problem-solving skills.
DocuSignNASDAQ: DOCU: Provides electronic signature and agreement management software solutions.
8+ YOE8+ years in security risk management/GRC, bachelor’s in CS/InfoSec, experience with cloud (AWS/Azure/GCP), GRC platforms, risk quantification (FAIR), and security domain expertise; CISSP/CRISC/CISM preferred.
AWS, Azure, GCP, ServiceNow IRM, OneTrust, FAIR, Tableau, Power BI