🛠 Tech Stack

💼 About This Role

You'll own and scale governance, risk, and compliance programs at CloudZero, a fast-growing SaaS platform. You'll partner across Legal, Engineering, and Sales to build a GRC function that protects the business and enables sales velocity through automated security responses. This role has a hybrid schedule with 2-3 days per week in office.

🎯 What You'll Do

• Design and operate the GRC framework including risk management and compliance programs
• Own SOC 2 audits and certification programs across the organization
• Lead enterprise risk assessments and maintain a living risk register
• Own the security questionnaire process and build automation for response
• Manage business continuity, disaster recovery, and third-party risk programs

📋 Requirements

• 5+ years of experience in governance, risk, and compliance roles at a SaaS or cloud company
• Proven experience building or maturing a GRC program with hands-on SOC 2 audit involvement
• Working knowledge of risk management frameworks such as COSO, ISO 31000, or NIST RMF
• Solid understanding of GDPR and CCPA and how to translate obligations into controls

✨ Nice to Have

• Experience with Vanta or Drata for continuous compliance monitoring
• Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP
• Professional certifications like CRISC, CISA, CISM, CISSP, or CIPP

🎁 Benefits & Perks

• 🏖️ Unlimited PTO
• 🏥 Comprehensive health insurance
• 💻 Remote-friendly culture
• 📈 Equity grants
• 🍕 Team lunches and events

📨 Hiring Process

Estimated timeline: 3-5 weeks · AI estimate

1. 1Recruiter phone screen· 30 min
2. 2Hiring manager interview· 45 min
3. 3Technical / cross-functional interview· 60 min
4. 4Final round with leadership· 45 min

🚩 Heads Up

• Mixes GRC, sales engineering, and contract negotiation into one role, suggesting scope creep