Governance, Risk & Compliance (GRC) Manager
Hybrid
Full Time
#Engineering
#GRC
#Security Compliance
#Risk Management
#ISO 27001
#NIST CSF
#SOC
#Audit
Litmus is a growth-stage software company that helps industry leaders like Google, Intel, and Mitsubishi harness machine data to drive digital transformation. As we continue to expand following our successful Series B financing, we are seeking a Governance, Risk & Compliance (GRC) Manager to join our team and help shape the future of Industrial IoT and edge computing.
Responsibilities
- Lead our efforts to achieve and maintain various security compliance certifications.
- Manage our Drata compliance platform and monitor adherence to internal information security policies.
- Direct our ISO 27001 Information Security Management System to ensure ongoing recertification.
- Develop and oversee a robust vendor risk management and quantification program.
- Streamline our response process for client audits and third-party technical risk assessments.
- Act as a subject matter expert on risk management, performing internal audits and technical risk assessments.
- Create and maintain essential security documentation, including policies, standards, and procedures.
- Foster a company-wide culture of security awareness while identifying potential risks and opportunities.
- Recommend policy enhancements based on the evolving regulatory landscape.
Must-haves
- At least 5 years of experience in security governance, risk management, compliance, or internal auditing, with 7 to 10 years of total professional experience.
- Strong knowledge of regulatory frameworks such as NIST CSF, ISO 27001, SOC, GxP, and GMP.
- Hands-on experience managing compliance programs, ideally within a service provider or merchant environment.
- Proven ability to manage multiple projects simultaneously while communicating effectively with both technical teams and executive stakeholders.
- Experience in data analysis, including the creation of security metrics and dashboards.
- Proficiency in managing modern compliance tools like Drata.
- Excellent command of the English language.
Nice-to-haves
- Previous professional experience serving as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA).
Benefits
- Flexible hybrid work environment.
- The opportunity to work with a high-growth Silicon Valley company and collaborate with industry experts.