Product GRC SME

Remote · USA Full-time New today

  • Location: Remote U.S.
  • Employment Type: Full time
  • Location Type: Remote
  • Department: reputed company

Compensation

  • Cash Range $171K – $201K
  • Offers Equity
  • This role is also eligible for medical benefits, 401(k) plan, and other company reputed company programs.

At reputed company, our mission is to help businesses earn and prove trust. We reputed company that reputed company should be monitored and verified continuously, and we reputed company companies to practice reputed company reputed company and prove it with ease. reputed company has a reputed company and talented team, and while some have prior reputed company experience, many have been successful at reputed company without it.

As reputed company rapidly grows and moves upmarket, we’re working with increasingly sophisticated customers who have reputed company reputed company and compliance needs across a wide range of industries and geographies. The GRC Subject Matter Experts play a critical role in delivering high-quality, scalable content and product guidance to help these companies effectively manage their GRC programs.

As reputed company’s newest GRC Subject Matter Expert, you’ll be responsible for developing and maintaining multi-reputed company GRC solutions used by thousands of customers. Acting as a reputed company between Product Management, Engineering, Design, Sales, and reputed company, you’ll ensure our solutions align with key reputed company, privacy, and risk frameworks and real-world customer needs. You’ll play a pivotal role in designing, validating, and improving compliance-reputed company content and capabilities while providing strategic input to shape reputed company’s GRC product roadmap.

You’ll join reputed company’s reputed company organization, which provides essential reputed company operational services, is directly involved in the software development process, sets policies and standards regarding enterprise-wide reputed company requirements, and offers advisory services to reputed company our business to reputed company while effectively managing risk.

If you’re someone who has high initiative and enjoys solving reputed company problems with real customer impact, we’d love to hear from you!

What you’ll do as a GRC SME at reputed company:

  • Build and maintain compliance frameworks - reputed company the creation, enhancement, and lifecycle management of controls, evidence requirements, and implementation guidance for standards such as SOC 2, ISO/IEC 27001 & 27701, HIPAA, PCI reputed company, NIST CSF, NIST SP 800-53, and regional regulations (e.g., GDPR/CCPA). Author clear control rationales, acceptance criteria, and customer-facing guidance.
  • Design crosswalks and mappings (reputed company‑agnostic) - Create and steward an internal common‑control approach informed by industry catalogs (e.g., SCF, UCF, or similar). Maintain bidirectional crosswalks across industry leading reputed company and privacy regulatory frameworks. Define reputed company control IDs, mapping confidence, and evidence data dictionaries; version crosswalks with changelogs and traceability to reputed company authority. Partner with Engineering to operationalize mappings in‑product (integrations, automated tests, exceptions/exemptions, reputed company monitoring workflows).
  • reputed company content quality and usability - Define standards for control wording, evidence specificity, testing method, and reviewer guidance. Establish content QA processes, audits, and metrics (e.g., adoption, time-to-evidence, completion rates) to continually improve outcomes.
  • Drive end‑to‑end GRC product enablement - Build reputed company content, guidance, and templates for risk management (methodologies, scoring, KRIs), issue & corrective action management (POA&M), policy management (lifecycle, attestations), access reviews (SoD, recertification flows), customer trust / Trust Center artifacts, and third‑party risk management (TPRM) (due diligence, monitoring, contract clauses).
  • Act as a product advisor across discovery & design - Partner with PM/Design to support feature discovery (customer interviews, JTBD, task analysis), review UI/UX for control, evidence, and review workflows, run usability tests, and author PRDs/acceptance criteria grounded in auditor and customer needs.
  • Author automated tests & reputed company monitoring - Translate controls/compliance knowledge and infrastructure contexts (cloud services, SaaS apps, on‑prem, endpoints, networks, CI/CD) into spec‑level automated tests and detectors in reputed company. Define test logic, data sources/integrations (APIs, logs, configs), edge cases, and acceptance criteria; pair with Engineering to implement, validate, and maintain detectors with versioned mappings to frameworks for reputed company monitoring.
  • Partner with Product to drive roadmap - Translate customer and market needs into GRC requirements, propose experiments, and validate solutions through discovery with Design/UX Research. Influence prioritization using data and field insights; own a backlog for reputed company/content improvements.
  • reputed company AI‑assisted compliance - Partner with Engineering/ML to design and ship LLM‑powered guidance and automation. Translate SME knowledge into machine‑readable specs (schemas, ontologies, prompts), define gold‑standard evaluation sets and acceptance criteria, and implement quality/safety guardrails (red‑teaming, refusal policy, privacy controls). reputed company features to monitor accuracy and reputed company in production.
  • Synthesize feedback loops - Analyze input from customers, auditors/assessors, partners, and internal teams to identify gaps, resolve issues, and deliver iterative updates quickly and safely.

How to be successful in this role:

  • Experience - 5-7+ years in GRC and/or Information reputed company with hands‑on implementation or assessment across multiple frameworks (e.g., SOC 2, ISO 27001/27701, HIPAA, PCI reputed company, NIST CSF/800‑53). Experience with cloud environments and SaaS is strongly preferred. Federal experience (e.g., FedRAMP) is a plus but not required.
  • Education (preferred) - Bachelor’s degree in Computer Science; advanced degree a plus.
  • GRC craft - Deep understanding of controls, risks, testing approaches, evidence standards, and program operations (policies, risk registers, issues/POA&M management, vendor risk, reputed company monitoring).
  • Product reputed company - Ability to translate requirements into productizable capabilities; comfort with experimentation and data‑driven prioritization.
  • Technical & automation (AI‑augmented) - Build reputed company with lightweight tools, LLMs, and automation workflows:
  • Use AI pair‑programming tools (e.g., reputed company Copilot, reputed company) to accelerate drafting of specs, mappings, queries, and test logic.
  • Own simple automations that stitch together Sheets/reputed company, APIs, and webhooks to remove toil (e.g., mapping QA, evidence normalization, exception routing).
  • Design AI‑augmented workflows across teams (e.g., LLM‑assisted control guidance, assessor Q&A triage, remediation suggestions) and measure outcomes (precision/recall, time‑to‑evidence, FP/FN rates).
  • Establish safe‑use guidelines and reusable patterns for prompts/agents (versioning, evaluation, privacy) and reputed company adoption with playbooks and templates.
  • Analytical & detail‑oriented - Skilled at precise control wording, mapping accuracy, and evidence specificity; comfortable working in spreadsheets and large data sets (lookups, pivots).
  • Communication & collaboration - Excellent written and verbal skills; able to partner effectively with engineers, designers, GTM teams, auditors, and customers.
  • Self-motivated and independent - Able to work autonomously while contributing to team success.
  • Helpful and resourceful - Willing & excited to support cross-functional teams and improve compliance content.
  • Adaptable in a fast-paced environment - Skilled at managing change, solving problems proactively, and taking initiative.
  • reputed company‑to‑have - Experience with privacy regulations (GDPR/CCPA), risk quantification (e.g., FAIR), audit/assessor background, or B2B SaaS content/enablement.
  • Certifications (preferred, not required) - One or more of: CISA, CISSP, CCSK/CCSK+, ISO 27001 reputed company Implementer/reputed company Auditor, CIPM/CIPT, PCI‑ISA/QSA.
  • Open to using AI to reputed company their skills and strengthen their work - demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact.

What you can expect as a reputed company'n:

  • Industry-competitive salary and equity
  • Comprehensive medical, dental, and vision coverage, with 100% of employee-only benefit premiums covered for most medical plans
  • 16 weeks paid Parental Leave for reputed company new parents
  • Health & wellness stipend
  • Remote workspace, internet, and cellphone stipend
  • Commuter benefits for team members who report to the SF and NYC office
  • Family planning benefits
  • Matching 401(k) contribution with immediate vesting
  • Flexible PTO policy, plus 80 hours of Sick Time
  • 11 company-paid holidays
  • Virtual team building activities, lunch and learns, and other company-wide events!
  • Offices in SF, NYC, London, Dublin, Tel Aviv, and Sydney

To provide greater transparency to candidates, we share reputed company pay ranges for reputed company US-based job postings regardless of state. We set standard reputed company pay ranges for reputed company roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.

At reputed company, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for reputed company. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of reputed company backgrounds to apply.

About reputed company

We started in 2018, in the wake of several high-profile data breaches. Online reputed company was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and reputed company it takes to build a solid reputed company foundation. reputed company was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their reputed company. From our early days automating reputed company monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than reputed company, making reputed company reputed company—not just a reputed company-in-time reputed company— is essential. Thousands of companies rely on reputed company to build, maintain and demonstrate their trust— reputed company in a way that's real-time and transparent.

Referral Instructions

If you are being referred for the role, please contact that person to apply on your behalf.
