Manager of Governance, Risk and Compliance (GRC)

SpyCloud is seeking a hands-on and operationally focused Manager of Governance, Risk and Compliance (GRC) to lead and mature critical compliance, governance, and risk management initiatives across the organization. This role will own day-to-day execution of SpyCloud’s compliance and security governance programs while helping scale operational processes that support the company’s security posture and customer trust objectives.

The ideal candidate brings strong experience operating security compliance programs within cloud-native and SaaS environments and has deep familiarity with frameworks such as SOC 2, ISO 27001, NIST, and CMMC 2.0. This individual will work cross-functionally with Privacy, Security Engineering, DevOps, Legal, Product Engineering, and business stakeholders to drive compliance readiness, risk mitigation, policy governance, third-party risk management, and audit coordination.

This role is highly collaborative and execution-oriented, requiring both strategic judgment and operational ownership. The Manager of GRC will also directly manage at least one team member while helping evolve SpyCloud’s overall security governance maturity.

• →Governance & Compliance Operations
• →Own and manage SpyCloud’s day-to-day GRC and compliance operations across multiple frameworks, including SOC 2, ISO 27001, NIST, and CMMC 2.0.
• →Lead internal and external audit coordination activities, evidence collection, remediation tracking, and control validation efforts.
• →Maintain and improve security policies, standards, procedures, and governance documentation.
• →Drive ongoing compliance readiness activities and operationalize scalable compliance processes across the business.
• →Partner closely with Legal, Security Engineering, DevOps, and Engineering teams to ensure alignment on security and regulatory requirements.
• →Risk Management
• →Conduct enterprise risk assessments and facilitate ongoing risk identification, tracking, remediation, and reporting processes.
• →Develop and maintain risk registers and support leadership reporting on security and compliance risks.
• →Lead third-party/vendor risk management activities, including security reviews and vendor assessments.
• →Support customer trust initiatives, including security questionnaires, compliance inquiries, and due diligence requests.
• →Cloud Security & Security Governance
• →Partner with DevOps and Security Engineering teams to strengthen cloud security governance across AWS and cloud-native environments.
• →Ensure security controls are aligned with compliance frameworks and operational best practices.
• →Support implementation and monitoring of governance controls related to cloud infrastructure, identity management, logging, vulnerability management, and secure development practices.
• →Contribute to ongoing security awareness and compliance education initiatives across the organization.
• →Leadership & Cross-Functional Collaboration
• →Manage and mentor direct report(s), supporting professional growth and operational excellence within the GRC function.
• →Collaborate with technical and non-technical stakeholders to drive accountability and operational maturity.
• →Help prioritize remediation efforts and compliance initiatives based on business risk and organizational goals.
• →Support the Senior Director of Governance, Risk and Information Security in scaling SpyCloud’s overall security governance program.

• Experience
• 6+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, Security Compliance, or related fields.
• Demonstrated hands-on experience managing operational compliance programs within SaaS, cloud, or cybersecurity environments.
• Proven experience supporting and maintaining compliance frameworks such as:
• SOC 2
• ISO 27001
• NIST
• CMMC 2.0
• Experience leading audits, managing evidence collection, and coordinating remediation activities.
• Experience with third-party/vendor risk management and enterprise risk assessment processes.
• Experience working cross-functionally with Legal, Engineering, DevOps, Security, and executive stakeholders.
• Education
• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Business, or related field, or equivalent practical experience.
• Skills
• Strong understanding of security governance, compliance operations, and risk management practices.
• Familiarity with cloud security concepts and governance within AWS or similar cloud environments.
• Strong organizational and project management skills with the ability to manage multiple priorities simultaneously.
• Excellent written and verbal communication skills.
• Ability to translate compliance requirements into practical operational processes.
• Strong analytical, documentation, and problem-solving skills.

• Prior people management or mentorship experience preferred.
• Certifications
• One or more of the following certifications strongly preferred:
• CISSP
• CISA
• CRISC
• CISM
• ISO 27001 Lead Auditor or Lead Implementer
• Experience within cybersecurity SaaS organizations.
• Experience supporting customer-facing security and trust initiatives.
• Familiarity with security tooling, cloud-native environments, and DevSecOps practices.
• Experience with AI governance, security governance automation, or modern GRC tooling.
• Experience working in fast-paced, high-growth technology environments.

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud's data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company’s exposed data, visit spycloud.com.

Our mission is to make the internet a safer place by disrupting the criminal underground. Together with our customers and partners, we aim to end criminals’ ability to profit from stolen information.

SpyCloud is a place for innovative, collaborative, and problem-solvers to thrive. Individually, we’re amazing, but together, we’re unstoppable. We celebrate diversity and various perspectives and aim to create an inclusive and supportive environment for all. We are proud to be an Equal Employment Opportunity and Affirmative Action employer of choice. All aspects of employment decisions will be based on merit, performance, and business needs. We do not discriminate on the basis of any status protected under federal, state, or local law. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. Women, minorities, individuals with disabilities, and protected veterans are encouraged to apply. SpyCloud complies with applicable state and local laws governing nondiscrimination in employment. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

SpyCloud expressly prohibits any form of workplace harassment. Improper interference with the ability of SpyCloud's employees to perform their job duties may result in discipline up to and including discharge. SpyCloud shares the right to work and participates in the E-Verify program in all locations.

If you need assistance or accommodation due to a disability, you may contact us.

Our culture is something really special. We’re all driven to disrupt the cybercriminal economy as we keep customer accounts safe from compromise. We support a truly worthy and serious mission, but we have fun doing it together. If you are driven, inventive, and collaborative, you’ll fit right in.

We will never ask an applicant for sensitive or personal financial information during the recruitment process. We advise all applicants seeking employment with SpyCloud to review available information on recruitment fraud. Anyone who suspects that they have been contacted by someone falsely representing SpyCloud should email careers@spycloud.com.