Jobs · Finance · Virginia

Governance Risk Compliance (GRC) Manager

Antithesis · Vienna, VA · 1 mo ago
On-siteFinance$140k–$170k/yrFull-time

About the role

We are looking for our first dedicated GRC hire. This is an ownership, hands-on role. You will build and run our compliance program end-to-end — not as a support function, but as a core part of how we earn and keep customer trust.

Responsibilities

  • Own our SOC 2 audit end-to-end, including the transition from point-in-time to a rolling 12-month window

  • Serve as the primary liaison with our external auditors

  • Maintain the evidence repository and ensure controls are documented, tested, and current

  • Own and maintain Vanta as the system of record for our compliance program

  • Maintain and continuously improve our policy library — keeping policies accurate, readable, and actually followed

  • Run the GRC calendar: tabletop exercises, prepare security committee meetings, security awareness training, and annual reviews

  • Identify control gaps and drive remediation across Engineering, IT, HR, and Operations

  • Own and manage the trust center

  • Manage the inbound security questionnaire queue for enterprise sales — turn these around quickly and accurately with a sales-forward mindset to accelerate deals

  • Support vendor security reviews on both sides: evaluating vendors we onboard and participating in customer-side reviews of us

  • Maintain the risk register and lead regular risk review cadences

  • Identify, document, and escalate risks across people, vendors, and infrastructure

  • Support Engineering and Infra lead these, but you keep them on-track and ensure findings are tracked and remediated

  • Lay groundwork for future frameworks as the business requires: e.g., ISO 27001, GDPR, FedRAMPS

  • Support Legal and commercial contracting on security-related clauses and DPAs

  • Support HR policy development in partnership with the Head of HR, including security-related employee policies, acceptable use, and onboarding/offboarding procedures

Requirements

  • Required: 3–5 years of GRC, compliance, or IT audit experience, ideally in a SaaS or highly technical environment

  • Hands-on experience with multiple SOC 2 audits — not advisory, not adjacent, but in the room with the auditors and owning the evidence

  • Strong written communication (including customer-facing communications) and comfortable writing policy, not just reviewing it

  • Ability to learn quickly in a fast-paced, high-growth environment

  • Relevant certifications: CISA, CISSP, CISM, CCSK, or similar

  • Familiarity with ISO 27001, GDPR, or FedRAMP frameworks

  • Experience supporting Legal on DPAs or commercial security schedules

  • Experience owning or heavily using a GRC tool (Vanta preferred)

Compensation Range

$140K - $170K

Similar jobs

GRC Risk Manager

ArmAustin, TX· 1 wk ago
Finance$165k–$223k/yrapply on careers.arm.com

IDC General Manager

Lowe's Companies, Inc.Suffolk, VA· 2 wk ago
Managementapply on talent.lowes.com

DCC General Manager

Dakota Sioux Casino & HotelSisseton, SD· 3 mo ago
Managementapply on recruiting2.ultipro.com

General Manager

Crunch Fitness - Fit Fusion, LLCWestminster, CO· 1 mo ago
Managementapply on crunch-fitness-fit-fusion-llc.careerplug.com

General Manager

Nothing Bundt CakesOrlando, FL· 12 mo ago
Managementapply on careers.hireology.com

General Manager

Checkers & Rally’s Drive-In RestaurantsLittle Rock, AR· 2 wk ago
Managementapply on apply.checkers.com