GRC Manager

About ControlUp

ControlUp is a Digital Experience Monitoring and Optimization platform that transforms the way IT admins manage their environment and troubleshoot issues. Our product suit enables IT Administrators to be more proactive and have greater visibility into the digital experience of their users. Most of our customers utilize Citrix, VMware, Nutanix, and/or Microsoft for their virtualization layer. Additionally, we have many customers who utilize IGEL thin clients.

Our Culture

We have a fun and energetic company culture. We fly team members to fun locations across the globe. We value a culture of transparency and curiosity. This is a company with a sense of humor, where we all are hard workers, but we balance that with lots of hilarity interspersed with that hard work.

The Role

We are looking for a Governance, Risk, and Compliance (GRC) Manager to join our Security team. This role is critical in ensuring our SaaS platform complies with global security, privacy, and regulatory requirements. You will work cross-functionally with Legal, Engineering, IT, and Product teams to maintain compliance, mitigate risks, and uphold our security policies. This is an exciting opportunity to grow your career in cybersecurity and compliance while contributing to a dynamic and supportive security team.

Why Join ControlUp?

This is a great opportunity to grow your career in compliance and cybersecurity within a dynamic and supportive security team. You’ll gain exposure to key industry regulations, risk management practices, and security governance while working alongside experienced professionals.

Who We’re Looking For

• A team player who thrives in a collaborative environment and can contribute to areas beyond their primary expertise
• A balance of a GRC Manager, with an eagerness to fill knowledge gaps and learn new technologies
• A proactive individual who embraces challenges and seeks to innovate within the IT space
  
  

• Develop, implement, and enforce compliance programs, policies, and controls aligned with frameworks such as SOC 2, ISO 27001, GDPR, FedRAMP, and NIST
• Monitor evolving regulatory requirements and provide guidance on their impact on ControlUp’s security, cloud infrastructure, and data governance
• Ensure the company adheres to data protection regulations and drive necessary compliance adjustments
• Support third-party security and data protection audits and certifications
  
  

• Conduct security risk assessments, audits, and gap analyses, ensuring continuous improvement in compliance efforts
• Work with operational and technical teams to implement, monitor, and enhance security controls
• Manage vendor risk assessments, ensuring third-party providers align with ControlUp’s security and compliance standards
  
  

• Develop, maintain, and refine security policies, risk assessments, compliance documentation, and incident response procedures
• Collaborate with stakeholders to align business operations with regulatory requirements
• Prepare for and coordinate external audits, certifications, and customer security inquiries
  
  

• Work with Engineering and Product teams to embed security and privacy into product development
• Partner with Legal and IT teams to manage data protection agreements and compliance initiatives
• Conduct security awareness training and foster a compliance-first culture across the organization
• Assist in incident response planning and investigations when necessary
  
  

• 3–5+ years of experience in GRC, information security, or compliance within SaaS, cloud, or enterprise IT environments
• Strong understanding of regulatory frameworks and security standards such as SOC 2, ISO 27001, GDPR, FedRAMP, and NIST
• Experience conducting security risk assessments and working with auditors or regulatory bodies
• Familiarity with cloud security concepts and multi-cloud environments (AWS and Azure)
• Strong project management skills with the ability to manage multiple compliance initiatives
• Excellent communication and collaboration skills, with the ability to translate compliance requirements into actionable business processes
• Certifications such as CISM, CISA, CISSP, or CIPP are a plus but not required