Manager of Governance, Risk and Compliance (GRC)

About SpyCloud

SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud’s solutions thwart cyberattacks and protect more than 4 billion accounts worldwide. Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work. If you’re driven to align your career with a fantastic mission, look no further!

Position Overview

SpyCloud is seeking a hands-on and operationally focused Manager of Governance, Risk and Compliance (GRC) to lead and mature critical compliance, governance, and risk management initiatives across the organization. This role will own day-to-day execution of SpyCloud’s compliance and security governance programs while helping scale operational processes that support the company’s security posture and customer trust objectives.

The ideal candidate brings strong experience operating security compliance programs within cloud-native and SaaS environments and has deep familiarity with frameworks such as SOC 2, ISO 27001, NIST, and CMMC 2.0. This individual will work cross-functionally with Privacy, Security Engineering, DevOps, Legal, Product Engineering, and business stakeholders to drive compliance readiness, risk mitigation, policy governance, third-party risk management, and audit coordination.

This role is highly collaborative and execution-oriented, requiring both strategic judgment and operational ownership. The Manager of GRC will also directly manage at least one team member while helping evolve SpyCloud’s overall security governance maturity.

What You'll Do

• Governance & Compliance Operations
  • Own and manage SpyCloud’s day-to-day GRC and compliance operations across multiple frameworks, including SOC 2, ISO 27001, NIST, and CMMC 2.0.
  • Lead internal and external audit coordination activities, evidence collection, remediation tracking, and control validation efforts.
  • Maintain and improve security policies, standards, procedures, and governance documentation.
  • Drive ongoing compliance readiness activities and operationalize scalable compliance processes across the business.
  • Partner closely with Legal, Security Engineering, DevOps, and Engineering teams to ensure alignment on security and regulatory requirements.
• Risk Management
  • Conduct enterprise risk assessments and facilitate ongoing risk identification, tracking, remediation, and reporting processes.
  • Develop and maintain risk registers and support leadership reporting on security and compliance risks.
  • Lead third-party/vendor risk management activities, including security reviews and vendor assessments.
  • Support customer trust initiatives, including security questionnaires, compliance inquiries, and due diligence requests.
• Cloud Security & Security Governance
  • Partner with DevOps and Security Engineering teams to strengthen cloud security governance across AWS and cloud-native environments.
  • Ensure security controls are aligned with compliance frameworks and operational best practices.
  • Support implementation and monitoring of governance controls related to cloud infrastructure, identity management, logging, vulnerability management, and secure development practices.
  • Contribute to ongoing security awareness and compliance education initiatives across the organization.
• Leadership & Cross-Functional Collaboration
  • Manage and mentor direct report(s), supporting professional growth and operational excellence within the GRC function.
  • Collaborate with technical and non-technical stakeholders to drive accountability and operational maturity.
  • Help prioritize remediation efforts and compliance initiatives based on business risk and organizational goals.