Governance, Risk & Compliance; GRC Manager

Position: Governance, Risk & Compliance (GRC) Manager
Position Overview

Teams Work is seeking an experienced and detail-oriented Governance, Risk & Compliance (GRC) Manager to establish, manage, and continuously improve our compliance, governance, privacy, and risk management programs. This role will be responsible for overseeing compliance with industry-recognized frameworks such as SOC 2, ISO 27001, GDPR, CCPA, and other applicable regulatory requirements, while also supporting internal corporate governance initiatives, policy management, SOP oversight, and operational compliance across the organization.

The ideal candidate will serve as the primary compliance and governance leader, working closely with executive leadership, department heads, engineering teams, HR, operations, customer success, and external auditors to ensure that the organization maintains a strong compliance posture and scalable governance processes.

Key Responsibilities

Governance & Compliance Management

- Develop, implement, and maintain the organization's Governance, Risk, and Compliance (GRC) program.
- Establish and continuously improve compliance processes, controls, policies, and procedures.
- Maintain organizational compliance with applicable regulations, standards, and contractual obligations.
- Monitor regulatory developments and recommend updates to internal policies and practices.
- Act as the primary point of contact for compliance-related matters across the organization.
- Prepare compliance reports, dashboards, and executive summaries for leadership.

Security & Privacy Compliance

- Lead and manage compliance initiatives for:
- SOC 2
- ISO 27001
- GDPR
- CCPA/CPRA
- Privacy and data protection requirements
- Other applicable security and compliance frameworks
- Coordinate internal and external compliance audits.
- Maintain compliance evidence repositories and audit documentation.
- Manage remediation activities arising from audits, assessments, and compliance reviews.
- Conduct periodic compliance assessments and gap analyses.
- Support customer security questionnaires, vendor assessments, and compliance inquiries.

Risk Management

- Develop and maintain organizational risk management processes.
- Facilitate risk identification, assessment, mitigation, and monitoring activities.
- Maintain enterprise risk registers and risk treatment plans.
- Conduct periodic risk assessments across business functions.
- Collaborate with leadership to address compliance and operational risks.

Policy & SOP Governance

- Develop, review, maintain, and enforce company-wide policies and procedures.
- Establish standards for SOP creation, review, approval, and version control.
- Review departmental SOPs to ensure consistency, completeness, and compliance.
- Coordinate annual reviews and updates of organizational policies and SOPs.
- Ensure employees have access to current and approved documentation.

Corporate Governance & Operational Compliance

- Support the development and implementation of governance frameworks across the organization.
- Monitor adherence to internal policies, procedures, and operational standards.
- Conduct internal compliance reviews and audits.
- Track corrective and preventive actions (CAPA) and ensure timely closure.
- Assist leadership in strengthening organizational controls and accountability.

Compliance Training & Awareness

- Develop and deliver compliance, privacy, security, and policy awareness training.
- Promote a culture of compliance throughout the organization.
- Educate team members on regulatory requirements and internal policies.
- Coordinate periodic compliance acknowledgments and certifications.

Vendor & Third-Party Compliance

- Conduct vendor risk assessments and due diligence reviews.
- Maintain vendor compliance records and documentation.
- Review vendor security and privacy controls.
- Support procurement and contract review processes from a compliance perspective.

Qualifications

Required

- Bachelor's degree in Information Security, Cybersecurity, Risk Management, Business Administration, Law, or a related field.
- 5+ years of experience in Governance, Risk & Compliance (GRC), Information Security Compliance, Privacy Compliance, Audit, or related roles.
- Hands-on experience managing:
- SOC 2
- ISO 27001
- GDPR
- CCPA/CPRA
- Experience coordinating external audits and compliance assessments.
- Strong understanding of risk management methodologies.
- Experience developing and managing policies, procedures, and governance frameworks.
- Excellent documentation, organizational, and project management skills.
- Strong communication and stakeholder management abilities.

Preferred

- Experience working in SaaS, cloud-based, or technology organizations.
- Experience supporting enterprise customer compliance requirements.
- Knowledge of:
- NIST Cybersecurity Framework
- CIS Controls
- ISO 27701
- HIPAA (if applicable)
- Experience implementing GRC platforms and compliance management tools.

Preferred Certifications

One or more of the following certifications is highly desirable:

- ISACA Certified Information Systems Auditor (CISA)
- ISACA…