More jobs:
Manager, Security Governance Risk & Compliance
Job in
Greater London, London, Greater London, W1B, England, UK
Listed on 2026-07-06
Listing for:
Commerce Inc
Full Time
position Listed on 2026-07-06
Job specializations:
-
IT/Tech
Cybersecurity
Job Description & How to Apply Below
Manager, Security Governance Risk & Compliance Skip to main content
We use data collected by cookies and JavaScript libraries, which are necessary for website functioning, to improve user’s browsing experience, analyze site traffic, deliver personalized advertisements, and increase the overall performance of our site.# Careers Manager, Security Governance Risk & Compliance page is loaded## Manager, Security Governance Risk & Compliance Apply remote type:
Hybrid locations:
London, United Kingdom:
Austin, TXtime type:
Full time posted on:
Posted Todayjob requisition :
JR102771#
** Welcome to the Agentic Commerce Era**## At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of Big Commerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market.
We believe in harnessing AI responsibly to unlock new possibilities, and we’re looking for individuals who use it intentionally to solve problems, accelerate outcomes, and expand what’s possible in their role. Our purpose is to help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers who shape the future of commerce, this is the place for you.
As a Manager of Security GRC, you will lead our compliance programs and serve as the strategic owner of our audit portfolio will oversee our most critical certification and regulatory programs — including PCI DSS, SOC 2, ISO 27001, and other security audits — ensuring compliance is embedded into our "business as usual" (BAU) operations and that our control environment is continuously audit-ready across Commerce, Feedonomics, and Makeswift.
You will serve as the organizational bridge between Engineering, Infrastructure, Legal, Privacy, and external auditors, translating complex regulatory requirements into clear, executable programs. A core part of this role is working directly with control owners across all business units to ensure they understand their obligations, maintain evidence, and operate within the control framework. This role reports into our GRC function and leads a team of analysts responsible for audit success and control framework integrity.
**** What You'll Do:
***** Audit Ownership:
Own the end-to-end lifecycle of Commerce's core audit programs — PCI DSS 4.0, SOC 2 Type 2, ISO 27001, and SOX — across Commerce, Feedonomics, and Makeswift, including scoping, evidence strategy, auditor management, and final report outcomes.
* Control Owner Engagement:
Partner with control owners across all three business units to ensure they understand their compliance obligations, maintain audit-ready evidence, and operate effectively within the BC Secure Controls Framework on an ongoing basis.
* External Auditor Relationships:
Serve as the primary point of contact for QSAs, external auditors, and certification bodies. Defend the control environment, manage audit timelines, and minimize disruption to technical teams.
* Continuous Audit Readiness:
Drive the operationalization of audit requirements into BAU workflows across all business units, reducing reliance on point-in-time evidence collection and eliminating audit fatigue organization-wide.
* Findings & Remediation:
Own the tracking and closure of audit findings and control gaps across Commerce, Feedonomics, and Makeswift. Partner with control owners to deliver pragmatic, risk-informed remediation plans within defined timelines.
* PCI 4.0 Evolution:
Direct the ongoing maturity of Commerce's PCI DSS 4.0 program, including Targeted Risk Analyses (TRAs), customized approach applicability, and annual assessment planning.
* Scoping & Segmentation:
Partner with Cloud Engineering to validate and maintain PCI scope across Commerce's global footprint, ensuring effective network segmentation and data flow isolation.
* ISA Oversight:
Man…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×