GRC Manager

Cyera

Posted 5 days ago
Full Time, 10+ years

Job Overview

Location: Kansas City, Missouri, United States (On-Site)
Salary Range: $120,000 - $150,000 per year
Job Type: Full Time
Experience: 10+ years
Work Arrangement: On-Site
Posted: 5 days ago (February 26, 2026)

Job Description

WHO WE ARE

Come join the company reinventing data security, empowering businesses to realize the full potential of their data. As the leading data security platform purpose-built for the cloud era, Cyera’s mission is to reinvent how businesses secure data, enable agile collaboration, and boldly pursue new business opportunities. Trusted by security teams at leading global businesses, our team is proving that data security is the next big thing in cyber. Backed by the world’s leading investors and working with a large and growing list of Fortune 1000 companies, we are looking for world-class talent to join us as we usher in the new era of data security.


THE OPPORTUNITY

Cyera is seeking a strategic, execution-focused GRC Manager to lead and mature our global Governance, Risk, and Compliance program.

This is a senior leadership role responsible for owning Cyera’s audit and certification strategy across frameworks such as ISO 27001, SOC 2 Type 2, C5, PCI DSS, ISO 42001, and FedRAMP, while driving operational excellence across third-party risk management, supplier governance, policy lifecycle management, enterprise risk processes, and security awareness programs.

The GRC Manager will lead and develop a team of 3–4 GRC analysts and act as a key partner to Security Engineering, Legal, IT, Product, and Executive Leadership. This role requires both deep technical understanding of security control frameworks and strong leadership capabilities to scale a best-in-class GRC function.


RESPONSIBILITIES:

Audit & Certification Leadership

  • Own end-to-end lifecycle of external audits and certifications:
      • ISO 27001
      • SOC 2 Type 2
      • C5
      • PCI DSS
      • ISO 42001
      • FedRAMP (as applicable)
  • Develop and execute a multi-year audit and certification roadmap aligned to company growth.
  • Serve as primary liaison with external auditors, assessors, and regulatory bodies.
  • Ensure ongoing control readiness, not point-in-time compliance.
  • Translate audit findings into measurable remediation plans and track closure.
  • Drive control automation and evidence collection improvements.
  • Maintain framework crosswalks and ensure control harmonization across multiple standards.


Third-Party Risk Management & Supplier Governance

  • Own and mature Cyera’s Third-Party Risk Management (TPRM) program.
  • Establish vendor tiering methodology and risk scoring processes.
  • Lead pre-engagement vendor security assessments and ongoing reassessments.
  • Oversee SOC report reviews, security due diligence, and contractual security requirements.
  • Partner with Legal to embed security and compliance obligations in vendor contracts.
  • Ensure effective vendor offboarding and data destruction validation.
  • Develop reporting dashboards for supplier risk exposure.


Policy Governance & Policy Exception Management

  • Own the full lifecycle of security and compliance policies:
      • Drafting
      • Review
      • Executive approval
      • Publication
      • Periodic review
  • Align policies across ISO, SOC 2, FedRAMP, and other frameworks.
  • Lead formal policy exception process, including:
      • Risk evaluation
      • Compensating controls
      • Executive approval workflows
      • Exception tracking and renewal cadence
  • Ensure policies remain operationally practical and enforceable.


Enterprise Risk Management

  • Own and maintain the corporate risk register.
  • Facilitate periodic risk assessments across business units.
  • Identify and assess operational, technical, regulatory, and strategic risks.
  • Track remediation plans and report on residual risk.
  • Develop executive-ready risk reporting materials.
  • Present risk posture updates to senior leadership.


Security Awareness & Culture

  • Oversee annual security awareness training program.
  • Develop targeted training modules for high-risk roles.
  • Track completion and effectiveness metrics.
  • Continuously improve awareness strategy based on risk trends and audit findings.
  • Promote a security-first culture across the organization.


GRC Reporting & Executive Communication

  • Develop KPIs and dashboards for:
      • Audit readiness
      • Risk exposure
      • Policy compliance
      • Third-party risk posture
      • Control maturity
  • Provide recurring updates to executive leadership.
  • Support Board-level reporting as needed.
  • Identify opportunities to automate reporting and control monitoring.


Team Leadership & Development

  • Lead, mentor, and develop a team of 3–4 GRC analysts.
  • Define career paths and professional development plans.
  • Establish performance metrics and accountability frameworks.
  • Foster a high-performance, collaborative team culture.
  • Provide coaching in audit management, risk assessment, and stakeholder engagement.
  • Scale team processes to support rapid company growth.

Requirements

REQUIRED QUALIFICATIONS:

  • 7–10+ years of experience in GRC, security compliance, or audit leadership.
  • 3+ years of people management experience.
  • Deep expertise in:
      • ISO 27001
      • SOC 2 Type 2
      • PCI DSS
      • FedRAMP
      • C5
      • ISO 42001 (or emerging AI governance frameworks)
  • Experience managing external audits and assessors.
  • Strong understanding of cloud security environments (AWS, GCP, Azure).
  • Proven experience building or maturing a third-party risk management program.
  • Strong knowledge of risk management methodologies and control frameworks.
  • Experience leading policy governance programs.
  • Excellent executive communication and reporting skills.
  • Ability to operate strategically while driving tactical execution.


PREFERRED QUALIFICATIONS

  • CISSP, CISA, CRISC, CISM, ISO 27001 Lead Implementer/Auditor, or similar certifications.
  • Experience in SaaS or cloud-native environments.
  • Experience preparing organizations for FedRAMP authorization.
  • Familiarity with automation tools for GRC evidence collection and control monitoring.
  • Experience with AI governance frameworks (ISO 42001).


WHAT SUCCESS LOOKS LIKE

Within 12 months, the GRC Manager will have:

  • Successfully led multiple audit cycles with no significant findings.
  • Implemented a scalable third-party risk management framework.
  • Matured policy governance and exception tracking processes.
  • Delivered executive-level risk reporting dashboards.
  • Developed a high-performing GRC team.
  • Transitioned the GRC program from reactive compliance to proactive risk leadership.


WHY THIS ROLE IS DIFFERENT

This is not a customer questionnaire or reactive compliance role.

This is a strategic leadership position responsible for:

  • Building scalable compliance infrastructure.
  • Driving measurable risk reduction.
  • Preparing the company for enterprise and federal growth.
  • Leading and developing the next generation of GRC professionals.


COMPENSATION INFORMATION

Compensation Range: $120,000-$150,000. The range represents base salary only, and does not include company bonus, incentive for sales roles, equity or benefits, as applicable.

This compensation range represents Cyera’s good faith and reasonable estimate of the range of possible compensation for this role at the time of posting, and Cyera may ultimately pay more or less than the posted range. The final salary for this position will be determined in Cyera’s sole discretion, consistent with applicable law, and based on a variety of factors, including but not limited to the employee’s work experience, skills, and qualifications for the role, as well as the needs of Cyera’s business and other operational considerations.

Final compensation will vary based on seniority and relevance of experience, location, and position requirements.

This role may be eligible for potential merit increases based on factors such as individual or company performance, time in role, and other discretionary factors.


BENEFITS - Why Cyera?

  • Ability to work remotely, with office setup reimbursement
  • Competitive salary
  • Unlimited PTO
  • Paid holidays and sick time
  • Health, vision, and dental insurance
  • Life, short and long-term disability insurance
