
GRC Manager

Job in Boston, Suffolk County, Massachusetts, 02298, USA
Listing for: CloudZero
Part Time position
Listed on 2026-05-18
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

About the Role

CloudZero is growing fast. Our customer base is expanding, the regulatory and risk landscape is getting more complex, and the business needs a GRC function that can keep pace. As the GRC Manager at CloudZero, you’ll own and scale our governance, risk, and compliance programs across the organization.

Reporting to the Sr. Director of IT & Security within the Office of the CTO organization, you’ll partner closely with Legal, Engineering, Product, Sales, and G&A to build a GRC function that protects CloudZero’s interests, earns customer trust, and gives the business the confidence to move quickly.

This is a high-impact, highly cross-functional role. You’ll be as comfortable presenting a risk register to leadership as you are helping a sales team close a deal with the right compliance documentation. This is a hybrid role with an expectation of in-office presence 2–3 days per week.

What You’ll Do
Design and Operate the GRC Framework
  • Design and operate a comprehensive GRC framework spanning governance structures, enterprise risk management, and compliance programs that grows alongside CloudZero’s business
  • Own audit and certification programs including SOC 2 and other relevant standards, coordinating across internal teams and third‑party auditors to drive successful outcomes
  • Own the development, maintenance, and ongoing improvement of CloudZero’s security and privacy policies and procedures, ensuring they’re current, practical, and embedded into how teams actually operate
  • Lead regular enterprise risk assessments, maintain a living risk register, and create an environment where risk‑informed decision‑making happens at every level of the organization
Governance, Risk & Business Continuity
  • Serve as a key stakeholder in building CloudZero’s AI Governance & Strategic Risk strategy
  • Take full ownership of business continuity and disaster recovery programs, including program design, documentation, regular testing cycles, and tabletop exercises — ensuring operational preparedness when it matters most
  • Build and manage third‑party risk management processes, including vendor due diligence, contract reviews, and ongoing monitoring throughout the vendor lifecycle
  • Track regulatory developments alongside the Legal team, ensuring CloudZero meets its obligations under GDPR, CCPA, and other applicable requirements
  • Manage the company’s security awareness training program and run internal audits to validate that controls are working as intended
Sales and Revenue Enablement
  • Own the security questionnaire and assessment process — including VSAs, SIGs, and custom customer requests — with a primary focus on building and scaling tooling and automation that makes high‑quality responses fast and repeatable
  • Review and redline security and data privacy language in customer and prospect contracts, working closely with Legal to protect CloudZero’s interests while keeping deals on track
  • Build and maintain a library of pre‑approved security responses, compliance artifacts, and contract language so the team isn’t starting from scratch on every deal
  • Actively identify and implement tooling to automate questionnaire responses and security review workflows, reducing manual effort and accelerating deal cycles without sacrificing quality
  • Maintain and continuously improve CloudZero’s trust center, ensuring prospective customers have ready access to up‑to‑date security and compliance documentation
  • Partner with Sales Engineering and Solutions teams to address security and compliance requirements early in the sales cycle, removing friction before it becomes a blocker
What You Bring
Governance, Risk & Compliance
  • 5+ years of experience in governance, risk, and/or compliance roles, ideally within a SaaS or cloud technology company
  • Proven experience building or significantly maturing a GRC program, with direct, hands‑on involvement in SOC 2 or similar certification audits
  • Working knowledge of established risk management frameworks such as COSO, ISO 31000, or NIST RMF
  • Solid understanding of GDPR, CCPA, and how data privacy obligations translate into practical controls and policies
Communication & Leadership
  • Strong communicator who can make risk and…