GRC Lead

Nooks is the AI Sales Assistant Platform (ASAP) that automates the busywork so reps can focus on the human part of selling and generate more sales pipeline. Nooks has helped thousands of sales reps hit quota, saved customers hundreds of thousands of hours, and powered hundreds of millions of dollars in pipeline. Nooks is loved by sales teams at companies like Hubspot, Rippling, and Toast, and hundreds more.

For more information, visit Nooks.ai http://Nooks.ai.

We are seeking a skilled Governance, Risk, and Compliance (GRC) Lead with a minimum 5 years of experience in GRC, information security, risk management, or compliance to join our team. In this role, you will help ensure that our organization maintains compliance with regulatory frameworks, and manages enterprise risks effectively. You will work cross-functionally with Legal, Security, GTM, and Operations teams to strengthen our governance posture and mitigate risk across the business.

Governance & Policy Management

• Maintain and update information security, privacy, and compliance policies.

• Assist policy governance and internal control documentation.

• Administer and improve customer-facing GRC tools

Risk Management

• Lead and execute risk assessments, control testing, and remediation tracking across security, privacy, and operational domains.

Compliance Management

• Manage adherence to regulatory standards such as ISO 27001, SOC 2, GDPR, CCPA and other emerging frameworks.

• Oversee internal and external audits, evidence collection, and gap remediation.

Security Questionnaire Process Oversight

• Lead and improve the process for responding to customer security questionnaires and RFPs, ensuring accuracy and consistency.

• Develop standardized templates, maintain an updated knowledge base, and streamline workflows for faster, consistent responses

Third-Party Risk Management

• Conduct and oversee vendor and partner risk assessments, monitor subprocessor obligations, and maintain third-party risk dashboards.

Monitoring & Reporting

• Develop and present dashboards and executive reports on enterprise risk, compliance health, and audit readiness.

Training & Awareness

• Assist with the design, rollout, and tracking of security awareness and compliance training initiatives.

• Bachelor’s degree in Information Security, Risk Management, Business, or a related field (or equivalent experience).

• Minimum of 5 years of experience in GRC, information security, risk management, or compliance roles.

• Familiarity with industry frameworks and standards such as ISO 27001, SOC 2, GDPR, CCPA

• Hands-on experience supporting audits and certifications against frameworks such as ISO 27001, SOC 2, GDPR, CCPA

• Familiarity with compliance automation and customer trust platforms (e.g., Drata, Vanta, Safebase) and/or enterprise GRC platforms

• Strong analytical, organizational, and problem-solving skills.

• Excellent written and verbal communication abilities for policy documentation and audit interactions.
  

• Professional certifications such as CISA, CRISC, ISO 27001 Lead Implementer, or similar.

• Strong Understanding of global privacy regulations (CCPA, GDPR).

• Experience supporting compliance reviews or audits of AI-enabled products, including data governance, bias/risk assessments, or model transparency requirements.

• Familiarity with AI governance frameworks (e.g., EU AI Act, NIST AI Risk Management Framework, ISO/IEC 42001) and experience assessing risks related to AI/ML systems.

• Competitive salary and benefits package

• Opportunity to work with cutting-edge technologies in a fast-growing organization.

• A collaborative and security-first culture.

Nooks is an equal opportunity employer committed to fostering a diverse and inclusive workforce. We believe in providing equal employment opportunities to all individuals regardless of race, color, religion, gender, gender identity, sexual orientation, national origin, age, disability, veteran status, or any other characteristic protected by law.

Nooks does not discriminate in hiring, promotion, compensation, or any other employment practices, and we are committed to ensuring a workplace that is free from discrimination, harassment, and retaliation. We encourage individuals from all backgrounds to apply and join our team.