About the Role
We are seeking an experienced professional to lead our Governance, Risk and Compliance (GRC) team. The successful candidate will play a crucial role in ensuring that our security governance, risk and compliance efforts are integrated, scalable and proactive.
Key Responsibilities:
* Lead the maintenance and continuous improvement of our ISO 27001-aligned Information Security Management System (ISMS).
* Oversee the control assurance program, ensuring robust evidence collection, control testing and continuous monitoring.
* Own key internal and external audit workstreams, including SOC 2, ISO 27001, FedRAMP and customer audits.
* Drive the risk assessment lifecycle, embedding business, technical and supply chain risk perspectives.
* Enhance risk methodologies and tools, integrating real-time risk metrics into dashboards and governance forums.
* Support risk acceptance processes and facilitate cross-functional remediation plans.
* Monitor emerging regulations and translate them into actionable internal obligations.
* Manage customer security assessments and due diligence questionnaires (DDQs), enabling frictionless trust through reusable assurance artefacts.
* Coordinate timely and high-quality client responses and external assurance artefacts.
* Lead third-party security reviews and ensure governance controls are extended across the vendor lifecycle.
* Partner with procurement and legal to align contractual security requirements and risk acceptance criteria.
* Maintain the information security policy lifecycle and track compliance across business units.
* Develop and maintain security governance metrics and reporting for the Chief Information Security Officer and wider executive team.
* Support the operation of governance forums and steering committees.
* Deliver targeted security training and awareness campaigns aligned to regulatory and business needs.
* Promote a security-aware culture of governance accountability and enablement across teams.
* Own and refine core GRC workflows, including documentation, issue tracking, evidence management and status reporting.
* Maintain and expand GRC tooling integrations, ensuring high-quality automation and reporting outputs.
-----------------------------------
Requirements
* A minimum of 10 years of experience in security governance, risk or compliance roles within SaaS or regulated industries.
* A strong track record of operationalising ISMS frameworks, managing control assurance and supporting external audits.
* Hands-on experience with GRC platforms, security metrics reporting and risk assessments.
* A proven ability to work across business, engineering and legal teams to embed governance effectively.
* Familiarity with modern regulatory landscapes and frameworks such as ISO 27001, SOC 2, GDPR, DORA, FedRAMP and the SEC cybersecurity disclosure rules.
* Strong communication skills, with the ability to create executive-level reporting and artefacts.
* Experience leading client assurance programs or third-party risk management.
* Professional certifications preferred.
-----------------------------------
About Us
We value diversity and believe that providing opportunities for everyone to be their authentic self is key to our success.
We work closely with popular communications platforms and leading cloud infrastructure platforms.
We use the latest AI/ML technology to help our customers break new ground at scale.
Come join us and find out what the best work of your career looks like.