Jobs · Information Technology · California

Senior Security GRC Lead

Gong · San Francisco, CA · 3 wk ago
Information Technology$121k–$185k/yrFull-time

About the role

Gong harnesses the power of AI to transform how revenue teams win. The Senior GRC Security Lead will design and implement Gong’s Common Controls Framework, establish a risk process and register, and own the full policy, standards, and exceptions management lifecycle.

Responsibilities

  • Design and implement Gong’s Common Controls Framework, mapping controls across various frameworks.
  • Rationalize overlapping requirements across frameworks to reduce compliance burden and create a single source of truth for control ownership.
  • Partner with Engineering, Infrastructure, and Product Security to embed controls at the architecture level.
  • Establish control testing methodology, evidence collection standards, and continuous control monitoring processes.
  • Serve as the subject-matter expert on control mapping during customer and external audits, RFPs, and enterprise sales engagements.
  • Build Gong’s product & enterprise risk register from the ground up, defining risk taxonomy, scoring methodology, risk appetite thresholds, and ownership models.
  • Implement a GRC platform and system of record, and create executive level dashboards to track vulnerability, risk, and control remediation.
  • Create and maintain risk treatment plans in partnership with risk owners across the business, tracking remediation milestones and escalating blockers.
  • Develop executive-level risk reporting cadences and dashboards for the Head of GRC and senior leadership.
  • Own the complete lifecycle of Gong’s information security policy suite, including creation, review cycles, version control, and employee acknowledgment tracking.
  • Establish and operate a formal exceptions management program, including intake, risk assessment, approval workflows, compensating controls, and periodic review.
  • Ensure policies remain aligned with evolving regulatory requirements, industry frameworks, and Gong’s rapidly changing technology environment.
  • Drive policy adoption through clear communication, training support, and cross-functional partnership.
  • Liaise with external auditors and certification bodies for SOC 2, ISO, and other certifications.

Qualifications

  • 7+ years of progressive experience in GRC, Information Security, or a closely related function.
  • Deep expertise across multiple compliance and security frameworks, including SOC 2 Type II, ISO 27001, NIST CSF, and at least one regulatory framework (GDPR, CCPA, HIPAA, or equivalent).
  • Strong policy and standards writing ability, capable of translating complex regulatory language into clear, actionable documentation.
  • Experience conducting and managing product & enterprise risk assessments, with a working knowledge of risk quantification methodologies.
  • Proven ability to manage and communicate with senior stakeholders, including Legal, Engineering, and executive audiences.
  • Bachelor’s degree in Information Security, Computer Science, Business, or a related field; equivalent practical experience considered.
  • Relevant certifications strongly preferred: CISSP, CISM, CRISC, CISA, CCSP, or comparable credentials.

Similar jobs

Senior Security GRC Lead

GongAustin, CO· 3 wk ago
Information Technology$121k–$185k/yrapply on job-boards.greenhouse.io

Senior Security GRC Lead

GongNew York, NY· 3 wk ago
Information Technology$121k–$185k/yrapply on job-boards.greenhouse.io

Senior Security GRC Lead

GongChicago, IL· 3 wk ago
Information Technology$121k–$185k/yrapply on job-boards.greenhouse.io

Senior Security GRC Lead

GongSalt Lake City, UT· 3 wk ago
Information Technology$121k–$185k/yrapply on job-boards.greenhouse.io

Senior GRC Lead

BrexSeattle, WA· 1 wk ago
Information Technology$154k–$192k/yrapply on brex.com

Senior GRC Lead

BrexSan Francisco, CA· 1 wk ago
Information Technology$154k–$192k/yrapply on brex.com