Product GRC SME

United States

Apply with AI Apply

$158,000 – $186,000Compensation

Expert & Leadership (9+ years)Experience Level

Full TimeJob Type

UnknownVisa

Enterprise Software, BiotechnologyIndustries

Requirements

Candidates should have experience in developing and maintaining multi-framework GRC solutions, acting as a bridge between product management, engineering, design, sales, and customer success. A strong understanding of security, privacy, and risk frameworks, along with experience in designing crosswalks and mappings, is essential. Familiarity with industry catalogs like SCF or UCF, and experience in defining canonical control IDs, mapping confidence, and evidence data dictionaries is required. Experience in authoring automated tests and continuous monitoring strategies is also necessary.

Responsibilities

The GRC SME will be responsible for building and maintaining compliance frameworks for standards such as SOC 2, ISO/IEC 27001 & 27701, HIPAA, PCI DSS, NIST CSF, NIST SP 800-53, and regional regulations. They will author clear control rationales, acceptance criteria, and customer-facing guidance. The role involves creating and stewarding an internal common-control approach, maintaining bidirectional crosswalks across security and privacy regulatory frameworks, and partnering with Engineering to operationalize mappings in-product. Additionally, the SME will define standards for content quality and usability, establish content QA processes, drive end-to-end GRC product enablement for risk management, issue management, policy management, access reviews, and TPRM, and act as a product advisor for discovery and design.

Skills

GRC

Compliance

Risk Management

Product Management

Engineering

Design

Sales

Customer Success

Security Frameworks

Privacy Frameworks

Vanta

Automates SOC 2 compliance for businesses

About Vanta

Vanta simplifies the process of obtaining and maintaining SOC 2 certification, which is essential for organizations that manage sensitive customer data. The company offers a software-as-a-service (SaaS) platform that automates numerous checks to ensure that security controls are effective and compliant with industry standards. This automation helps small to medium-sized enterprises (SMEs) and tech companies monitor risks and vulnerabilities continuously, significantly reducing the time and cost associated with achieving SOC 2 compliance. Vanta's subscription-based model provides clients with a more efficient and cost-effective way to maintain compliance compared to traditional methods. The goal of Vanta is to transform the compliance process, allowing organizations to focus on their core operations while enhancing their security posture.

San Francisco, CaliforniaHeadquarters

2018Year Founded

$343.4MTotal Funding

SERIES_CCompany Stage

Enterprise Software, CybersecurityIndustries

501-1,000Employees

Benefits

100% Benefits Coverage

Flexible & Remote Work

Paid Parental Leave

Unlimited PTO

Health & Wellness

401(k)

Risks

Emerging competitors like ComplyCube could challenge Vanta's market position.

Healthcare data breaches may increase demand for more robust security measures.

Reliance on partnerships like HITRUST poses risks if standards evolve significantly.

Differentiation

Vanta automates up to 90% of audit preparation, reducing compliance costs significantly.

The platform offers real-time insights, enhancing trust and streamlining security reviews.

Vanta's HITRUST e1 solution automates 80% of requirements, ensuring continuous compliance.

Upsides

Vanta secured $150M in Series C funding, boosting its growth potential.

Partnership with HITRUST enhances Vanta's credibility in the healthcare sector.

Rising demand for automated compliance solutions supports Vanta's market expansion.

Land your dream remote job 3x faster with AI

Try Jobo Free