Product GRC Subject Matter Expert
Posted 2026-05-05
Remote, USA
Full-time
Immediate Start
- Job Description:
- Build and maintain compliance frameworks (controls, evidence requirements, implementation guidance for SOC 2, ISO/IEC 27001 & 27701, HIPAA, PCI DSS, NIST CSF, NIST SP 800-53, GDPR/CCPA)
- Design crosswalks and mappings; maintain bidirectional crosswalks and operationalize mappings in-product
- Define content quality standards, establish QA processes and metrics
- Drive end-to-end GRC product enablement: modular content for risk management, POA&M, policy management, access reviews, Trust Center artifacts, third-party risk management
- Act as product advisor in discovery & design; author PRDs/acceptance criteria
- Author automated tests & continuous monitoring; translate controls into spec-level automated tests, pair with Engineering to implement detectors
- Partner with Product to drive roadmap and own backlog for framework/content improvements
- Enable AI-assisted compliance: translate SME knowledge into machine-readable specs, design LLM-powered guidance, define evaluation sets and safety guardrails
- Synthesize feedback from customers, auditors, partners, and internal teams to iterate and resolve issues
- Requirements:
- 5-7+ years in GRC and/or Information Security with hands‑on implementation or assessment across multiple frameworks (e.g., SOC 2, ISO 27001/27701, HIPAA, PCI DSS, NIST CSF/800‑53)
- Experience with cloud environments and SaaS is strongly preferred
- Federal experience (e.g., FedRAMP) is a plus
- Bachelor’s degree in Computer Science preferred; advanced degree a plus
- Deep understanding of controls, risks, testing approaches, evidence standards, and program operations
- Ability to translate requirements into productizable capabilities; comfort with experimentation and data‑driven prioritization
- Technical & automation skills: experience with AI tools, simple automations, integrations (Sheets/Airtable, APIs, webhooks), and designing AI-augmented workflows
- Skilled at precise control wording, mapping accuracy, and evidence specificity; comfortable working in spreadsheets and large data sets
- Excellent written and verbal communication; ability to partner with engineers, designers, GTM teams, auditors, and customers
- Self-motivated, independent, adaptable in a fast-paced environment
- Nice-to-have: Experience with privacy regulations (GDPR/CCPA), risk quantification (e.g., FAIR), audit/assessor background, or B2B SaaS content/enablement
- Preferred certifications: CISA, CISSP, CCSK/CCSK+, ISO 27001 Lead Implementer/Lead Auditor, CIPM/CIPT, PCI‑ISA/QSA
- Benefits:
- Industry-competitive compensation
- 100% covered medical, dental, and vision benefits with dependents coverage
- 16 weeks fully-paid parental Leave for all new parents
- Health & wellness and remote workplace stipends
- Family planning benefits through Carrot Fertility
- 401(k) matching
- Flexible work hours and location
- Open PTO policy
- 11 paid holidays in the US
- Offices in SF, NYC, London, Dublin, and Sydney