InfoSec Governance Risk and Compliance Lead

Added: 4 hours ago
Type: Full time
Salary: Not provided

Related skills

ISO 27001, NIST, TPRM, SOC 2 Type II, GRC platforms

📋 Description

  • Lead GRC strategy for UpGuard's InfoSec program.
  • Embed security reviews in procurement; lead third-party risk.
  • Review security exhibits, DPAs, and questionnaires in negotiations.
  • Collaborate with the CISO on enterprise risk matters.
  • Own the risk management process; deliver exec insights.
  • Own SOC 2 Type II audit cycle; coordinate remediations.

🎯 Requirements

  • 4+ years in Information Security, IT Audit, or GRC in cloud.
  • Experience with risk frameworks, GRC platforms, and TPRM.
  • Procurement, legal, and privacy contract review experience.
  • Strategic communicator translating risk into business impact.
  • Autonomy and ownership; manage details toward goals.
  • Problem-solving mindset; navigate ambiguity and risk trade-offs.

🎁 Benefits

  • Monthly lifestyle subsidy.
  • WFH setup allowance.
  • $1500 USD annual L&D allowance.
  • Annual leave: PTO plus 2 extra days.
  • 18 weeks paid parental leave.
  • Fully remote work environment; no mandatory attendance.