Product GRC Subject Matter Expert

September 17


Vanta

Compliance • Security • SaaS

Vanta is a trust management platform that streamlines compliance workflows and enhances security programs for businesses. By leveraging automation, Vanta helps companies achieve and maintain compliance with frameworks like SOC 2, ISO 27001, and GDPR. It offers solutions for companies of all sizes, from startups to enterprises, ensuring security and compliance at scale. With integrations with over 375 tools, Vanta leverages AI to simplify tasks such as questionnaire automation and vendor risk management. Vanta empowers service providers and auditors to deliver efficient and satisfactory experiences, helping businesses build trust with their clients and partners.

201 - 500 employees

Founded 2018

📋 Compliance

🔐 Security

☁️ SaaS

💰 $40M Series B on 2022-10

📋 Description

• Build and maintain compliance frameworks (controls, evidence requirements, implementation guidance for SOC 2, ISO/IEC 27001 & 27701, HIPAA, PCI DSS, NIST CSF, NIST SP 800-53, GDPR/CCPA)
• Design crosswalks and mappings; maintain bidirectional crosswalks and operationalize mappings in-product
• Define content quality standards, establish QA processes and metrics
• Drive end-to-end GRC product enablement: modular content for risk management, POA&M, policy management, access reviews, Trust Center artifacts, third-party risk management
• Act as product advisor in discovery & design; author PRDs/acceptance criteria
• Author automated tests & continuous monitoring; translate controls into spec-level automated tests, pair with Engineering to implement detectors
• Partner with Product to drive roadmap and own backlog for framework/content improvements
• Enable AI-assisted compliance: translate SME knowledge into machine-readable specs, design LLM-powered guidance, define evaluation sets and safety guardrails
• Synthesize feedback from customers, auditors, partners, and internal teams to iterate and resolve issues

🎯 Requirements

• 5-7+ years in GRC and/or Information Security with hands-on implementation or assessment across multiple frameworks (e.g., SOC 2, ISO 27001/27701, HIPAA, PCI DSS, NIST CSF/800-53)
• Experience with cloud environments and SaaS is strongly preferred
• Federal experience (e.g., FedRAMP) is a plus
• Bachelor's degree in Computer Science preferred; advanced degree a plus
• Deep understanding of controls, risks, testing approaches, evidence standards, and program operations
• Ability to translate requirements into productizable capabilities; comfort with experimentation and data-driven prioritization
• Technical & automation skills: experience with AI tools, simple automations, integrations (Sheets/Airtable, APIs, webhooks), and designing AI-augmented workflows
• Skilled at precise control wording, mapping accuracy, and evidence specificity; comfortable working in spreadsheets and large data sets
• Excellent written and verbal communication; ability to partner with engineers, designers, GTM teams, auditors, and customers
• Self-motivated, independent, adaptable in a fast-paced environment
• Nice-to-have: Experience with privacy regulations (GDPR/CCPA), risk quantification (e.g., FAIR), audit/assessor background, or B2B SaaS content/enablement
• Preferred certifications: CISA, CISSP, CCSK/CCSK+, ISO 27001 Lead Implementer/Lead Auditor, CIPM/CIPT, PCI-ISA/QSA

🏖️ Benefits

• Industry-competitive compensation
• 100% covered medical, dental, and vision benefits with dependents coverage
• 16 weeks fully paid parental leave for all new parents
• Health & wellness and remote workplace stipends
• Family planning benefits through Carrot Fertility
• 401(k) matching
• Flexible work hours and location
• Open PTO policy
• 11 paid holidays in the US
• Offices in SF, NYC, London, Dublin, and Sydney
