Sr. Governance, Risk, and Compliance Lead

Remote

Auto‑apply with AI Apply

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Information Security, Cybersecurity, Technology ServicesIndustries

Requirements

Candidates should possess 5+ years of experience in GRC, Information Security, or Compliance, ideally within a technology or cloud-first environment, and demonstrated success managing end-to-end audit processes and cross-functional compliance initiatives. Relevant certifications such as CISA, CRISC, or ISO 27001 Lead Auditor/Implementer are preferred. Strong expertise with ISO 27001, SOC 2, and third-party compliance programs like Microsoft SSPA is required.

Responsibilities

The Sr. Lead, GRC will lead and manage internal and external audits for ISO 27001 and SOC 2 Type 2, including evidence collection, readiness assessments, and remediation tracking; own Upwork’s compliance with Microsoft Supplier Security and Privacy Assurance (SSPA), including completing the annual DPR and attestation; maintain and evolve the Information Security Management System (ISMS) and associated documentation; collaborate with Engineering, IT, Legal, and Privacy teams to implement controls and address identified gaps; monitor and report on the enterprise risk register, audit findings, and key compliance metrics; act as the primary point of contact for auditors and external stakeholders; track and interpret changes in regulatory and compliance frameworks; and provide strategic insights into risk and compliance operations.

Skills

Governance

Risk Management

Compliance

ISO 27001

SOC 2

Security Audits

ISMS

Vendor Management

Data Security

Privacy

Security Frameworks

Upwork

Online platform connecting freelancers and clients

About Upwork

Upwork connects freelancers with clients looking for various services in the gig economy, which focuses on short-term contracts instead of permanent jobs. The platform allows freelancers to create profiles that showcase their skills, while clients can post job listings for specific projects. Freelancers bid on these projects, and clients choose the best candidates based on proposals and reviews. Upwork earns revenue through service fees charged to freelancers based on their earnings, with a tiered structure that rewards long-term client relationships. The platform also offers premium memberships and additional services for enhanced visibility and access to job listings. Upwork provides tools for time tracking, invoicing, and project management, making it easier for both freelancers and clients to manage their work and payments. The goal of Upwork is to facilitate successful project completion by bridging the gap between freelancers and clients.

San Francisco, CaliforniaHeadquarters

2015Year Founded

$143.8MTotal Funding

IPOCompany Stage

Consulting, Enterprise SoftwareIndustries

10,001+Employees

Benefits

Health Insurance

Unlimited Paid Time Off

401(k) Retirement Plan

401(k) Company Match

Parental Leave

Employee Stock Purchase Plan

Risks

Increased competition from Fiverr and Toptal threatens Upwork's market share.

The new Fiverr-style Project Catalog may commoditize services, reducing freelancers' perceived value.

Strategic shifts under new management may not align with current client expectations.

Differentiation

Upwork connects freelancers with clients across diverse industries, enhancing global work opportunities.

The platform offers tools like time tracking and invoicing for efficient project management.

Upwork's tiered fee structure incentivizes long-term client relationships, differentiating it from competitors.

Upsides

Upwork's acquisition of Objective AI enhances its AI capabilities for better talent matching.

The introduction of Featured Jobs increases visibility for job posts, attracting more candidates.

Upwork's recognition as the top job posting site boosts its credibility among employers.

Land your dream remote job 3x faster with AI

Try Jobo Free