
GRC Program Manager

Confidential company · Munich · Posted May 26, 2026

Public summary

Seeking an experienced GRC Program Manager to oversee compliance, risk, and security operations frameworks, focusing on strategic design and stakeholder coordination rather than routine audit tasks. The role includes end-to-end ownership of frameworks such as SOC 2, ISO 27001, GDPR, and emerging AI regulations, managing auditor relationships, and driving continuous improvements in security operations processes. Opportunity to work in a fast-growing AI-first SaaS scale-up with flexible remote options.

Location and work setup

Location: Munich
Remote status: Unknown
German requirement signal: No German Required Detected
Detected job language: English

Responsibilities

Own assigned compliance frameworks end-to-end, including interpretation, control mapping, audit readiness, and managing external auditor relationships. Coordinate cross-functional teams to embed controls into workflows. Define and govern security operations processes including detection and incident response. Design policies, assessment methodologies, and organizational frameworks. Enable control owners with clear expectations. Oversee automation and AI tools to replace routine compliance tasks, focusing human effort on complex judgment calls.

Qualifications

Minimum 4 years of experience in GRC, compliance, security operations or audit roles, with proven ownership of compliance frameworks or security programs. Deep knowledge of ISO 27001, SOC 2, GDPR, CCPA and experience managing audits independently. Strong stakeholder management and ability to design custom control mappings. Experience with GRC platforms and automation workflows. Comfortable with ambiguity and regulatory interpretation in cloud-native environments, preferably AWS. Excellent written communication skills. AI-first mindset, using AI tools to optimize workflows. Certifications like CISA, CRISC, CIPP/E or ISO 27001 Lead Auditor are a plus. Experience in SaaS and security operations frameworks desirable.

Skills

Governance, Risk, and Compliance (GRC) · ISO 27001 · SOC 2 · GDPR · CCPA · Audit Coordination · Stakeholder Management · Control Design · GRC Platform Configuration · Cloud Security (AWS) · Policy Writing · Security Operations · AI Automation