Manager, Security Governance Risk & Compliance

Posted 7 Hours Ago
2 Locations
In-Office
113K-169K Annually
Senior level
Artificial Intelligence • Cloud • Consumer Web • eCommerce • Information Technology • Software
We Mean Business.
The Role
Lead and run enterprise compliance and audit programs (PCI DSS 4.0, SOC 2, ISO 27001, SOX) across multiple business units. Manage external auditors and control-owner relationships, drive continuous audit readiness, track remediation, maintain PCI scope/ISA functions, and integrate a multi-framework Secure Controls Framework into BAU. Provide GRC leadership on architecture and product changes and mature cloud-native compliance practices.
Summary Generated by Built In
Welcome to the Agentic Commerce Era

At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market. We believe in harnessing AI responsibly to unlock new possibilities, and we’re looking for individuals who use it intentionally to solve problems, accelerate outcomes, and expand what’s possible in their role. Our purpose is to help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers who shape the future of commerce, this is the place for you.

As a Manager of Security GRC, you will lead our compliance programs and serve as the strategic owner of our audit portfolio at Commerce. You will oversee our most critical certification and regulatory programs — including PCI DSS, SOC 2, ISO 27001, and other security audits — ensuring compliance is embedded into our "business as usual" (BAU) operations and that our control environment is continuously audit-ready across Commerce, Feedonomics, and Makeswift.

You will serve as the organizational bridge between Engineering, Infrastructure, Legal, Privacy, and external auditors, translating complex regulatory requirements into clear, executable programs. A core part of this role is working directly with control owners across all business units to ensure they understand their obligations, maintain evidence, and operate within the control framework. This role reports into our GRC function and leads a team of analysts responsible for audit success and control framework integrity.

What You'll Do:

  • Audit Ownership: Own the end-to-end lifecycle of Commerce's core audit programs — PCI DSS 4.0, SOC 2 Type 2, ISO 27001, and SOX — across Commerce, Feedonomics, and Makeswift, including scoping, evidence strategy, auditor management, and final report outcomes.

  • Control Owner Engagement: Partner with control owners across all three business units to ensure they understand their compliance obligations, maintain audit-ready evidence, and operate effectively within the BC Secure Controls Framework on an ongoing basis.

  • External Auditor Relationships: Serve as the primary point of contact for QSAs, external auditors, and certification bodies. Defend the control environment, manage audit timelines, and minimize disruption to technical teams.

  • Continuous Audit Readiness: Drive the operationalization of audit requirements into BAU workflows across all business units, reducing reliance on point-in-time evidence collection and eliminating audit fatigue organization-wide.

  • Findings & Remediation: Own the tracking and closure of audit findings and control gaps across Commerce, Feedonomics, and Makeswift. Partner with control owners to deliver pragmatic, risk-informed remediation plans within defined timelines.

  • PCI 4.0 Evolution: Direct the ongoing maturity of Commerce's PCI DSS 4.0 program, including Targeted Risk Analyses (TRAs), customized approach applicability, and annual assessment planning.

  • Scoping & Segmentation: Partner with Cloud Engineering to validate and maintain PCI scope across Commerce's global footprint, ensuring effective network segmentation and data flow isolation.

  • ISA Oversight: Manage and support ISA-designated personnel; ensure the ISA function operates with rigor and consistency aligned to PCI Council standards.

  • Integrated Controls Framework: Oversee Commerce's Secure Controls Framework (SCF), built from NIST, ISO 27001, and PCI DSS, ensuring controls are designed, tested, and documented to satisfy multiple regulatory obligations simultaneously across all business units.

  • Compliance by Design: Provide GRC leadership on architectural reviews, product launches, and infrastructure changes across Commerce, Feedonomics, and Makeswift to ensure regulatory requirements are addressed upstream — not as an afterthought.

  • Regulatory Intelligence: Stay ahead of emerging requirements across PCI, SOC, and ISO 27001:2022, translating regulatory changes into actionable program updates.

Who You Are:

  • Experience: 6–10 years in Information Security, IT Audit, or GRC, with demonstrated ownership of enterprise-level audit programs (PCI, SOC 2, ISO 27001, or SOX).

  • Audit Fluency: Proven track record managing Level 1 Service Provider assessments and navigating complex, multi-framework audit environments spanning multiple business units or legal entities.

  • Control Owner Partnership: Demonstrated ability to work cross-functionally with control owners and operational teams, holding stakeholders accountable to their compliance obligations while maintaining strong working relationships.

  • Regulatory Expertise: Deep working knowledge of PCI DSS 4.0, ISO 27001:2022, SOC 2 Trust Service Criteria, and SOX IT general controls.

  • Leadership Presence: Ability to influence and manage cross-functional stakeholders at all levels — from engineers to executives — with clarity, diplomacy, and conviction.

  • Communication: Skilled at translating compliance requirements into business-relevant language that drives enablement rather than friction.

  • Certification: PCI ISA, CISA, CISSP, or equivalent audit/security certification strongly preferred.

  • Big 4 Experience: Prior experience at a Big 4 advisory or audit firm (Deloitte, PwC, EY, KPMG) in an IT audit, risk advisory, or security compliance capacity is a strong plus.

  • Cloud Security: Experience applying GRC frameworks in cloud-native environments and familiarity with modern cloud security tooling.

  • You lead with the "Why": You build compliance programs that improve security posture — not just check boxes. Your teams and control owners understand the intent behind every requirement.

  • Strategically Grounded, Technically Fluent: You can hold your own in a conversation about IAM policies or network segmentation, and you can turn that same conversation into an executive briefing.

  • Multi-Entity Mindset: You are comfortable operating across distinct business units with different tech stacks, cultures, and maturity levels — bringing consistency to the control framework without losing sight of context.

  • Calm Under Audit Pressure: You thrive in high-stakes audit cycles and know how to keep teams focused, organized, and confident when external scrutiny is highest.

(US Pay Transparency Range: $112,870.00 - $169,306.00)

Inclusion and Belonging

At Commerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at Commerce, please let us know during any of your interactions with our recruiting team.

Learn more about the Commerce team, culture and benefits at https://www.commerce.com/careers/

Protect Yourself Against Hiring Scams: Our Corporate Disclaimer

Commerce, along with many other employers, has become the subject of fraudulent job offers to hopeful prospective job seekers.

Be advised: Commerce does not offer jobs to individuals who do not go through our formal hiring process.

Commerce will never:

  • require payment of recruitment fees from candidates;

  • request personally identifiable information through unsanctioned websites or applications;

  • attempt to solicit money from you as part of the hiring process or as part of an employment offer;

  • solicit money to complete visa requirements as part of a job offer.

If you receive unsolicited offers of employment from Commerce, we urge you to be extremely cautious and avoid engaging or responding.

Skills Required

  • 6-10 years in Information Security, IT Audit, or GRC with ownership of enterprise-level audit programs (PCI, SOC 2, ISO 27001, or SOX).
  • Proven track record managing Level 1 Service Provider assessments and multi-framework audit environments across multiple business units or legal entities.
  • Demonstrated ability to partner with control owners and operational teams to maintain audit-ready evidence and ensure control effectiveness.
  • Deep working knowledge of PCI DSS 4.0, ISO 27001:2022, SOC 2 Trust Service Criteria, and SOX IT general controls.
  • Experience applying GRC frameworks in cloud-native environments and familiarity with modern cloud security tooling.
  • Experience leading a team of analysts responsible for audit success and control framework integrity.
  • Ability to influence cross-functional stakeholders at all levels and communicate compliance requirements in business-relevant language.
  • PCI ISA, CISA, CISSP, or equivalent audit/security certification.
  • Prior Big 4 advisory or audit firm experience in IT audit, risk advisory, or security compliance.

Commerce Compensation & Benefits Highlights

  • Healthcare Strength: Multiple national medical options (PPO and HDHP), dental, vision, mental-health support, and EAP are provided; some plans indicate in-network coverage up to 100% depending on option.
  • Retirement Support: A 401(k) with an employer match of 50% on the first 6% contributed sits alongside company-paid life insurance up to 3x salary and company-paid short- and long-term disability, signaling robust financial protection.
  • Leave & Time Off Breadth: Salaried employees receive open (unlimited) vacation while hourly employees have a defined PTO bank, complemented by paid sick leave, a paid wellness day, and paid volunteer time.

The Company
HQ: Austin, TX
1,200 Employees
Year Founded: 2009

What We Do

Commerce (Nasdaq: CMRC) empowers businesses to innovate, grow, and thrive through an open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we help brands unlock the full potential of their data, connect systems, and deliver seamless, personalized experiences across every channel. Visit commerce.com or follow us for more. #PoweredByCommerce

Why Work With Us

Ask any employee what makes Commerce unique, they will tell you it's the people. The team is full of brilliant, dedicated individuals focused on revolutionizing the world of ecommerce. We foster a culture that encourages inclusion of every employee, celebrating our individuality and the values that bring us together.

Commerce Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 3 days a week
HQ: Austin
Ireland
Ukraine
Atlanta
London
Sydney