Governance, Risk, and Compliance Manager
Decagon · San Francisco, CA · 1 wk ago
Finance$190k–$275k/yrFull-time
About the role
Join Decagon as a Compliance Manager and play a critical role in securing customer trust as we scale to serve Fortune 500 and international enterprises. Working closely with the head of security and compliance, you'll be responsible for the day-to-day execution of our compliance program and customer security engagements.
Responsibilities
- Drive compliance certifications including SOC 2 Type II, ISO 27001, PCI DSS, HIPAA, and CCPAA
- Automate or execute compliance evidence collection, ensuring all controls are properly documented and audit-ready
- Maintain and improve security documentation including policies, procedures, and customer-facing security collateral
- Support customer security assessments by preparing materials for security reviews and helping address technical inquiries from Fortune 500 security teams
- Coordinate with contractors and vendors to maintain response quality and meet timelines during peak sales periods
- Build and optimize repeatable processes to scale our GRC operations to hundreds of enterprise customers
- Partner with sales engineering to understand customer security requirements and proactively prepare responses for common concerns
- Partner with Sales and Customer Success to accelerate deal velocity by proactively addressing customer security concerns with published content
- Collaborate with Security, Engineering, and Product teams to translate compliance requirements into actionable technical controls and ensure new features meet regulatory standards
- Partner with Legal to manage vendor risk management programs and assess and monitor third-party security risks across our supply chain
Requirements
- 3-5 years of GRC experience in high-growth SaaS or technology companies, with direct responsibility for compliance programs
- Proven track record successfully contributing to SOC 2, ISO 27001, or similar enterprise compliance certifications
- Experience in data privacy regulations including CCPA, GDPR, and emerging AI governance frameworks
- Strong project management skills with ability to coordinate cross-functional teams under tight deadlines
- Excellent written and verbal communication skills to translate complex security concepts for diverse audiences
- Working knowledge of technical security controls and ability to collaborate effectively with engineering teams
Qualifications
- Experience with AI/ML compliance frameworks and understanding of unique risks in conversational AI systems
- Background in healthcare or financial services with knowledge of HIPAA or PCI requirements
- Track record of building GRC programs at companies scaling from startup to enterprise
- Understanding of cloud security particularly Google Cloud Platform compliance and security features
Skills
- Strong project management skills
- Excellent written and verbal communication skills
- Working knowledge of technical security controls
- Experience with GRC platforms like Vanta, Drata, or SecureFrame to automate compliance workflows
- Understanding of cloud security particularly Google Cloud Platform compliance and security features
Benefits
- Take what you need vacation policy (subject to local requirements; UK employees receive 25 days of statutory leave)
- Medical, Dental, and Vision benefits for you and your family
- Life Insurance and Disability Benefits
- Retail Plan (e.g., 401K, pension)
- Parental Leave
- Fertility and family building benefits through Carrot
- Daily lunches and snacks in the office to keep you at your best