Senior Security GRC Lead

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Gong
Full Time position
Listed on 2026-06-28
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 121000 - 185000 USD Yearly

Company Overview

Gong harnesses the power of AI to transform how revenue teams win. The Gong Revenue AI Operating System unifies data, insights, and workflows into a single, trusted system that observes, guides, and acts alongside the world’s most successful revenue teams. Powered by the Gong Revenue Graph, AI‑powered intelligence, specialized agents, and trusted applications, Gong helps more than 5,000 companies around the world deeply understand their teams and customers, automate critical sales workflows, and close more deals with less effort.

At Gong, you will join a company built on innovative products, ambitious goals, and passionate people. We are shaping the future of revenue intelligence and we want people who are excited to build what comes next. You will work with a team that dreams big, moves fast, and cares deeply about the craft and about each other. Here, transparency and trust are core to how we operate, and every person has the opportunity to make a visible impact.

If you want to grow, stretch, and do work that truly matters, Gong is the place to do the best work of your career.

Role Summary

This is a high‑visibility, high‑impact role at the center of Gong’s security and compliance story. As our Senior GRC Security Lead, you will be the architect of the foundational programs we are building: designing Gong’s first‑ever Common Controls Framework, standing up a formal risk process and register, implementing a GRC tooling ecosystem, and owning the full policy, standards, and exceptions management lifecycle.

It’s a role for a builder — someone who thrives in ambiguity, operates with urgency, and finds energy in creating order from complexity. You will work directly with Legal, Sales, Engineering, Customer Audit teams, and executive stakeholders, and your fingerprints will be visible across everything Gong builds for compliance and trust for years to come.

Responsibilities
  • Design and implement Gong’s Common Controls Framework, mapping controls across SOC 2, ISO 27001, 27017, 27701, 27018, HIPAA, PCI, and other applicable frameworks.
  • Rationalize overlapping requirements across frameworks to reduce compliance burden and create a single source of truth for control ownership.
  • Partner with Engineering, Infrastructure, and Product Security to embed controls at the architecture level, not just as audit checkboxes.
  • Establish control testing methodology, evidence collection standards, and continuous control monitoring processes.
  • Serve as the subject‑matter expert on control mapping during customer and external audits, RFPs, and enterprise sales engagements.
  • Build Gong’s product & enterprise risk register from the ground up—defining risk taxonomy, scoring methodology, risk appetite thresholds, and ownership models.
  • Implement a GRC platform and system of record, and build executive‑level dashboards to track vulnerability, risk, and control remediation.
  • Create and maintain risk treatment plans in partnership with risk owners across the business, tracking remediation milestones and escalating blockers.
  • Develop executive‑level risk reporting cadences and dashboards for the Head of GRC and senior leadership.
  • Own the complete lifecycle of Gong’s information security policy suite—creation, review cycles, version control, and employee acknowledgment tracking.
  • Establish and operate a formal exceptions management program, including intake, risk assessment, approval workflows, compensating controls, and periodic review.
  • Ensure policies remain aligned with evolving regulatory requirements, industry frameworks, and Gong’s rapidly changing technology environment.
  • Drive policy adoption through clear communication, training support, and cross‑functional partnership.
  • Liaise with external auditors and certification bodies for SOC 2, ISO, and other certifications.

Qualifications
  • 7+ years of progressive experience in GRC, Information Security, or a closely related function—with meaningful time spent building or scaling programs, not just running them.
  • Demonstrated hands‑on experience building a GRC program at scale—ideally in a high‑growth SaaS or technology company.
  • Deep expertise…
Position Requirements
10+ Years work experience