Every nation has data. Few can protect it. Fewer still can act on it.
Dream is the sovereign AI and national cyber-defense company for governments.
We help nations secure their most critical systems, connect fragmented information at a national scale, and turn their most sensitive data into decisions, all fully sovereign.
This is more than a job. It's a Dream job, where you'll work at a global scale alongside some of the best AI researchers, cyber operators, and government experts in the world.
The mission only works if the company behind it does. This role keeps Dream running at the scale our work demands. And our work demands a uniquely global scale.
The Dream JobWe are looking for a GRC Lead to establish, implement, and maintain a cross-organizational GRC program that supports the organization's growth and security objectives. This role will work closely with IT, Security, Legal, HR, and business stakeholders to develop and enforce governance processes, manage security and business risks, support compliance initiatives, and build a scalable security framework that enables business growth.
The Dream-Maker Responsibilities- Develop and maintain the organization's information security governance framework, including policies, standards, and procedures.
- Establish and manage the enterprise security risk management process and maintain the corporate risk register.
- Lead compliance initiatives and support external certifications and regulatory requirements.
- Coordinate internal and external audits, including evidence collection, control reviews, and remediation tracking.
- Develop and manage third-party/vendor risk assessment processes.
- Monitor compliance with internal policies and security standards.
- Support security awareness and policy communication across the organization.
- Track security findings and remediation activities, providing regular reporting to management.
- Partner with IT and Security teams to ensure governance processes align with operational realities and business objectives.
- 5+ years of experience in GRC, Information Security, or a related governance, risk, or compliance role.
- Certified by CISM, CISSP, CRISC, CISA.
- Experience and understanding of common security frameworks and standards (e.g., ISO 27001, NIST CSF, SOC 2, CIS Controls, GDPR, and/or similar frameworks).
- Ability to build new processes and work independently in a growing organization.
- Experience developing and maintaining security policies, standards, procedures, control matrices, evidence repositories, and audit documentation.
- Experience with cloud security concepts and best practices across AWS and Azure, including IAM, logging and monitoring, configuration management, and observability.
- Excellent communication and stakeholder management skills, with the ability to collaborate effectively across IT, Security, Engineering, Legal, HR, and business teams.
- Ability to work across technical and business teams, balancing security, compliance, and business objectives.
- Self-driven, hands-on, and comfortable establishing new processes, driving initiatives independently, and operating effectively in a fast-growing organization.
If you think this role doesn't fully match your skills but are eager to grow and break glass ceilings, we’d love to hear from you!
Skills Required
- 5+ years of experience in GRC, Information Security, or related governance, risk, or compliance role
- Experience and understanding of security frameworks and standards (ISO 27001, NIST CSF, SOC 2, CIS Controls, GDPR, CISM, CISSP, CRISC, CISA, or similar)
- Ability to build new processes and work independently in a growing organization
- Experience developing and maintaining security policies, standards, procedures, control matrices, evidence repositories, and audit documentation
- Experience with cloud security concepts and best practices across AWS and Azure, including IAM, logging and monitoring, configuration management, and observability
- Excellent communication and stakeholder management skills
- Ability to work across technical and business teams, balancing security, compliance, and business objectives
- Self-driven, hands-on, comfortable establishing new processes and driving initiatives independently in a fast-growing organization
What We Do
Dream is a pioneering AI cybersecurity company delivering revolutionary defense through artificial intelligence. Our proprietary AI platform creates a unified security system safeguarding assets against existing and emerging generative cyber threats. Dream's advanced AI automates discovery, calculates risks, performs real-time threat detection, and plans an automated response. With a core focus on the "unknowns," our AI transforms data into clear threat narratives and actionable defense strategies. Dream's AI cybersecurity platform represents a paradigm shift in cyber defense, employing a novel, multi-layered approach across all organizational networks in real-time. At the core of our solution is Dream's proprietary Cyber Language Model, a groundbreaking innovation that provides real-time, contextualized intelligence for comprehensive, actionable insights into any cyber-related query or threat scenario.


.png)






