GRC Manager

ControlUp creates an autonomous workplace where the day runs itself.

We’re a leader in DEX, unifying digital employee experience and IT operations into one powerful platform built for modern workplace management. By combining real-time monitoring, automation, and proactive remediation, ControlUp enables IT teams to prevent issues before they impact employees, reduce operational complexity, and streamline IT environments, without the clutter of multiple tools. With ControlUp, IT works smarter, employees stay productive, and the workday runs itself. One platform. One powerful shift in how work flows.

No tool sprawl. No wasted time. No interruptions. Just technology that runs smoothly, so people can get on with work that matters.

The Role

We are looking for a Governance, Risk, and Compliance (GRC) Manager to join our Security team. This role is critical in ensuring our SaaS platform complies with global security, privacy, and regulatory requirements. You will work cross-functionally with Legal, Engineering, IT, and Product teams to maintain compliance, mitigate risks, and uphold our security policies. This is an exciting opportunity to grow your career in cybersecurity and compliance while contributing to a dynamic and supportive security team.

How You’ll Spend Your Day

• Compliance & Regulatory Management
• Develop, implement, and enforce compliance programs, policies, and controls aligned with frameworks such as SOC 2, ISO 27001, GDPR
• Monitor evolving regulatory requirements and provide guidance on their impact on ControlUp’s security, cloud infrastructure, and data governance
• Ensure the company adheres to data protection regulations and drive necessary compliance adjustments
• Support third-party security and data protection audits and certifications
• Risk Management & Security Controls
• Conduct security risk assessments, audits, and gap analyses, ensuring continuous improvement in compliance efforts
• Work with operational and technical teams to implement, monitor, and enhance security controls
• Manage vendor risk assessments, ensuring third-party providers align with ControlUp’s security and compliance standards
• Policy & Documentation Management
• Develop, maintain, and refine security policies, risk assessments, compliance documentation, and incident response procedures
• Collaborate with stakeholders to align business operations with regulatory requirements
• Prepare for and coordinate external audits, certifications, and customer security inquiries
• Collaboration & Security Awareness
• Work with Engineering and Product teams to embed security and privacy into product development
• Partner with Legal and IT teams to manage data protection agreements and compliance initiatives
• Conduct security awareness training and foster a compliance-first culture across the organization
• Assist in incident response planning and investigations when necessary
  
  

• 3+ years of experience in GRC, information security, or compliance within SaaS, cloud, or enterprise IT environments
• Familiarity with cloud security concepts and multi-cloud environments (AWS and Azure)
• Strong understanding of regulatory frameworks and security standards such as SOC 2, ISO 27001, GDPR
• Experience conducting security risk assessments and working with auditors or regulatory bodies
• Excellent communication and collaboration skills, with the ability to translate compliance requirements into actionable business processes
• English - high level
• Strong project management skills with the ability to manage multiple compliance initiatives - an advantage
• Certifications such as CISM, CISA, CISSP, or CIPP - an advantage