Manager, Governance, Risk & Compliance (GRC)

What You’ll Do

• Manage a team to drive the development and maintenance of policies, control objectives, standards, controls, processes, and guidelines.
• Be an advocate for compliance best practices and the point of contact for stakeholders from departments throughout the company. 
• This role has management/supervisory responsibilities over junior employees.
• Own and evolve the internal controls framework, ensuring new and existing controls are effectively designed, documented, tested, and continuously improved.
• Partner with business and technical leaders to embed compliance and risk management into day-to-day operations, balancing business enablement with regulatory obligations.
• Drive audit readiness and execution by leading preparation for annual SOC 1, SOC 2, and ISO assessments—coordinating stakeholders, reviewing evidence, and managing auditor relationships.
• Develop and maintain policies and standards that align with industry best practices, regulatory requirements, and FloQast’s evolving business model.
• Proactively monitor compliance performance, performing root cause analyses for identified issues and overseeing remediation efforts.
• Serve as a trusted advisor and advocate for security and compliance, engaging with teams across the company to foster a strong risk-aware culture.
• Lead cross-functional initiatives in support of new business initiatives, customer requirements, and continuous improvement projects.
• Support customer assurance activities, including completion of security questionnaires and participation in customer discussions.

What You’ll Bring

• 4+ years of risk and compliance experience, with minimum of 1 year experience managing a team to successfully facilitate regulatory compliance.
• Proven experience with security, privacy, and compliance frameworks such as SOC 1, SOC 2, ISO 27001, ISO 27701, PCI, or HIPAA.
• Strong understanding of information security and privacy principles, including how to operationalize them in a SaaS environment.
• Exceptional communication and relationship-building skills with the ability to influence stakeholders at all levels.
• Experience leading information technology or information security audits.

Nice To Haves/Other

• Familiarity with NIST, CIS, or other security frameworks.
• Experience in a high-growth SaaS or software development environment.
• Track record of driving cross-functional initiatives that improved compliance maturity or reduced risk.
• A collaborative, entrepreneurial mindset with the ability to thrive in a fast-paced, dynamic environment.
• Certification preferred in one of the following: CompTIA, CISSP, CISA, CISM, Cloud platforms such as AWS, Azure or GCP