At Drata, members of the GRC team have a rare opportunity to be Customer Zero—we actively use the same GRC platform that our customers rely on. This means your work as Senior Manager, GRC will directly shape the product we’re continually developing and improving, and it directly impacts Drata’s core mission. Your insights will help define and refine Drata’s product journey, user experience, and strategic objectives. You’ll be collaborating with product, engineering, and leadership teams, providing crucial feedback that ensures our solution exceeds the needs of both our own compliance program and those of our global clientele. This isn’t just a GRC role—it’s a chance to be at the forefront of innovation, influencing Drata’s success every step of the way!
Drata’s Senior Manager, GRC will drive the strategic vision and execution of governance, risk, compliance, and trust management initiatives, enabling Drata’s customers to achieve and maintain adherence to security and compliance standards, frameworks, applicable laws and regulations, industry best practices, and all relevant internal policies. In this role, the ideal candidate will collaborate with external and internal assessors and senior stakeholders across the organization, fostering strong partnerships to help ensure successful ongoing operations and completion of compliance processes, testing, and continuous improvement of controls and risk mitigation plans. As a leader, you will champion process optimization, enhance operational efficiencies, and oversee the development of mature compliance programs that align with organizational objectives. Proficiency in industry-related audits, such as SOC 2 Type 2, HIPAA, ISO 27001/27017/27018/42001, NIST CSF, NIST 800-171, FedRAMP, and CMMC, is essential. Familiarity with the GDPR, data privacy, and data security regulations is also a must.
What you'll do:
- Champion Continuous Improvement:
Don’t just trust the process—elevate it. Drive strategic initiatives to automate and enhance Drata’s compliance operations, helping ensure our platform remains the industry leader for Trust Management and GRC. Offer actionable insights to product teams based on daily platform usage, and devise cutting-edge solutions for complex challenges such as vendor management, onboarding/offboarding, and internal/external assessments. Identify control requirement best practices and guide us on how to best implement their security controls – expanding our current external assessment compliance attestation footprint to include applicable requirements for customers needing to obtain and comply with even the most stringent requirements such as FedRAMP (all impact levels) and others.
- Maintain Oversight and Accountability:
Provide executive-level oversight of company-wide compliance-related functions to confirm we’re meeting all of Drata’s security and compliance mandates. Serve as the driving force behind rigorous standards and the catalyst for continuous improvement, maintaining a culture of excellence.
- Inspire Customer Confidence:
Solidify Drata’s reputation as a trusted partner by responding to customer inquiries—whether through our Trust Center, via questionnaires, or one-off diligence questions—and by working closely with internal and external assessors. Help ensure they receive – in a timely and responsive manner – the necessary artifacts and guidance to validate our comprehensive compliance posture.
- Foster a Culture of Proactive GRC:
Collaborate with organizational leaders on initiatives like policy management, risk management and mitigation, compliance, customer due diligence, vendor due diligence, privacy requests, and additional engagements. Leverage these insights to strengthen Drata’s GRC posture and maturity journey and promote an environment of innovative, forward-looking GRC and Trust Management.
- Drive Clear, Strategic Communications:
Lead cross-functional alignment by articulating the “why” behind controls, processes, and requirements. Provide executive-level insight into risks and state of compliance with controls to help ensure all stakeholders understand the strategic intent and can collaborate effectively toward shared goals. Inform management of changes and updates to key frameworks, requirements and regulations regarding compliance and security.
- Establish Robust Standards, Supported by Repeatable Procedures:
Create and maintain a comprehensive, business-aligned GRC Program and supporting documentation—from a well established and documented GRC program, policies, and procedures to compliance standards—that resonates with auditors, customers, and internal teams, ensuring clarity and accountability across the organization.
- Stay at the Forefront of Innovation:
Continuously explore emerging technologies and industry trends, identifying opportunities to integrate new tools or processes that advance Drata’s GRC objectives. Encourage a mindset of curiosity and growth within your team. Consult with Customer Success, Sales, and Go-To-Market teams to assist with successful understanding of Trust Management and GRC across a diverse customer base.
- Shape Drata’s Future:
Through automation, leadership, and transparent communication, redefine what it means to be compliant in a modern, fast-paced environment. Your influence will add to Drata’s continuing to revolutionize this industry—and transform how businesses view GRC and Trust Management. Partner with sales, customer success, business development, product and engineering teams to assist with the development and implementation of industry leading GRC programs backed by Drata’s amazing platform.
- Mentor and Lead High-Performing Teams:
Recruit, develop, and retain top-tier talent in GRC. Provide coaching, guidance, and professional development opportunities that empower team members to excel. Cultivate a collaborative environment where knowledge sharing and continuous learning are integral to success. Report regularly on progress, and directly contribute as a key player on this team as part of day-to-day GRC operations.
What you’ll bring:
- 10+ years of experience as a GRC professional, including 5+ years leading GRC teams.
- Extensive knowledge of, and experience being audited against, SOC 2, ISO 27001, ISO 42001, HIPAA, and NIST standards.
- Ability to take the lead in providing compliance guidance to customers and internal team members.
- Great interpersonal skills so you can collaborate with a diverse range of colleagues in other disciplines and cultures.
- Excellent written and verbal communication skills.
- Big 4 accounting firm experience working at large publicly-traded companies is a plus, as well as experience working in a startup or entrepreneurial environment.
Benefits:
- Healthcare: 90-100% paid premiums for medical, dental, and vision plans for employee and dependents + on demand health care concierge
- HSA, FSA, & DCFSA: Pre-tax savings plans for healthcare and dependent care, with up to a $600 annual employer contribution to the HSA plan (if enrolled in HSA medical plan)
- 100% paid short and long term disability plus life + AD&D benefits
- Learning & Development: $500 annually towards professional development opportunities + $250 annually towards personal development opportunities
- Flexible Time Off: Flexible vacation policy for strong, fully charged batteries
- 16 Weeks Paid Parental Leave: An inclusive policy to ensure you have time with your newborn, newly adopted, or foster child
- Work Remotely: Flexible hours and work from home + $1,000 annually to cover necessary business related items for your home office
- 401K: Reach your financial goals while reducing your taxes
This role will receive a competitive base salary, benefits, and stock, typically in the form of Restricted Stock Units (RSUs). The applicable salary range for each US-based role is based on where the employee works and is aligned to one of 3 tiers based on the cost of labor for that geographic area. The expected salary ranges for this role are below, subject to change.
Tier 1: $186,100 - $229,800
Tier 2: $167,500 - $206,800
Tier 3: $148,900 - $183,800
You can view which tier applies to where you plan to work here. A variety of factors are considered when determining someone’s leveling and compensation–including a candidate’s professional background and experience. These ranges may be modified in the future and final offer amounts may vary from the amounts listed above.
Drata is on a mission to serve as the trust layer between great companies.
Drata is a trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses develop a more secure, proactive, and risk-aware organization to continuously maintain trust with customers.
We all recognize the importance of earning and keeping the trust of our customers when it comes to protecting their data. We know how burdensome achieving and maintaining a strong GRC posture can be with the rise in compliance regulations. It’s a manual, redundant, error-prone, and unscalable process - and it only grows more complex and expensive over time.
Our team of SaaS, security, compliance, and audit experts have built a better way - with automation.
Employment at Drata is based solely upon individual merit and qualifications directly related to professional competence. We strictly prohibit unlawful discrimination or harassment on the basis of race, color, religion, veteran status, national origin, ancestry, pregnancy status, sex, gender identity or expression, age, marital status, mental or physical disability, medical condition, sexual orientation, or any other characteristics protected by law. We also make reasonable accommodations to meet our obligations under laws protecting the rights of the disabled.