Governance, Risk & Compliance; GRC Manager

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Sigma Computing
Full Time position
Listed on 2026-06-24
Job specializations:
  • IT/Tech
    Information Security, Cybersecurity, Data Security
Salary/Wage Range or Industry Benchmark: 200000 - 250000 USD Yearly
Position: Governance, Risk & Compliance (GRC) Manager

Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our San Francisco office or upcoming New York office and reports to the General Counsel. You'll have the opportunity to build a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk.

As our GRC Manager, you'll partner with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework that protects Sigma's interests, supports our strategic objectives, and builds stakeholder trust. You'll mature our governance structures, implement scalable risk management processes, and ensure compliance with applicable regulatory requirements—all while enabling the business to move quickly and confidently.

What You’ll Do
Governance
  • Design and implement governance frameworks, including reporting, policy governance, and control oversight
  • Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions
  • Build and lead a governance committee structure that provides appropriate oversight and decision‑making
  • Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
  • Partner with leadership to align governance activities with business strategy and risk appetite
  • Develop and operate a comprehensive Enterprise Risk Management (ERM) program
  • Conduct regular enterprise‑wide risk assessments and maintain a dynamic risk register
  • Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
  • Implement third‑party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
  • Create risk treatment plans and track remediation activities across the organization
  • Facilitate risk‑informed decision‑making at all levels of the organization
  • Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately
Compliance
  • Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
  • Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
  • Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti‑discrimination, wage and hour requirements, and multi‑jurisdictional employment regulations
  • Monitor and ensure adherence to industry‑specific regulatory requirements relevant to Sigma’s business operations
  • Manage security awareness training programs enterprise‑wide
  • Conduct internal audits and assessments to validate control effectiveness
  • Coordinate external audits and assessments with third‑party auditors
Business Enablement
  • Support sales and customer success teams with compliance documentation and security inquiries
  • Develop customer‑facing materials that articulate Sigma’s risk management and compliance posture
  • Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
  • Enable efficient deal cycles by maintaining ready‑to‑use compliance artifacts, trust center content, and documentation
  • Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements
What You Bring
Required
  • 4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
  • Demonstrated experience building or significantly maturing a GRC program from the ground up
  • Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
  • Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
  • Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
  • Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
  • Strong business acumen with ability to translate risk and compliance requirements into business value
  • Excellent communication skills