Senior Security GRC Lead
$121k - $185kGong
Company Overview Gong harnesses the power of AI to transform how revenue teams win. The Gong Revenue AI Operating System unifies data, insights, and workflows into a single, trusted system that observes, guides, and acts alongside the world’s most successful revenue teams. Powered by the Gong Revenue Graph, AI‑powered intelligence, specialized agents, and trusted applications, Gong helps more than 5,000 companies around the world deeply understand their teams and customers, automate critical sales workflows, and close more deals with less effort. For more information, visit At Gong, you will join a company built on innovative products, ambitious goals, and passionate people. We are shaping the future of revenue intelligence and we want people who are excited to build what comes next. You will work with a team that dreams big, moves fast, and cares deeply about the craft and about each other. Here, transparency and trust are core to how we operate, and every person has the opportunity to make a visible impact. If you want to grow, stretch, and do work that truly matters, Gong is the place to do the best work of your career. Role Summary This is a high‑visibility, high‑impact role at the center of Gong’s security and compliance story. As our Senior GRC Security Lead, you will be the architect of foundational programs we are building — Gong’s first‑ever Common Controls Framework, standing up a formal risk process and register, implementing a GRC tooling ecosystem, and owning the full policy, standards, and exceptions management lifecycle. It’s a role for a builder — someone who thrives in ambiguity, operates with urgency, and finds energy in creating order from complexity. You will work directly with Legal, Sales, Engineering, Customer Audit teams, and executive stakeholders, and your fingerprints will be visible across everything Gong builds for compliance and trust for years to come. Responsibilities Design and implement Gong’s Common Controls Framework, mapping controls across SOC 2, ISO 27001, 27017, 27701, 27018, HIPAA, PCI, and other applicable frameworks. Rationalize overlapping requirements across frameworks to reduce compliance burden and create a single source of truth for control ownership. Partner with Engineering, Infrastructure, and Product Security to embed controls at the architecture level, not just as audit checkboxes. Establish control testing methodology, evidence collection standards, and continuous control monitoring processes. Serve as the subject‑matter expert on control mapping during customer and external audits, RFPs, and enterprise sales engagements. Build Gong’s product & enterprise risk register from the ground up—defining risk taxonomy, scoring methodology, risk appetite thresholds, and ownership models. Implementation of a GRC platform and system of record, and ability to build executive‑level dashboards to track vulnerability, risk, and control remediation. Create and maintain risk treatment plans in partnership with risk owners across the business, tracking remediation milestones and escalating blockers. Develop executive‑level risk reporting cadences and dashboards for the Head of GRC and senior leadership. Own the complete lifecycle of Gong’s information security policy suite—creation, review cycles, version control, and employee acknowledgment tracking. Establish and operate a formal exceptions management program, including intake, risk assessment, approval workflows, compensating controls, and periodic review. Ensure policies remain aligned with evolving regulatory requirements, industry frameworks, and Gong’s rapidly changing technology environment. Drive policy adoption through clear communication, training support, and cross‑functional partnership. Liaise with external auditors and certification bodies for SOC 2, ISO, and other certifications. Qualifications 7+ years of progressive experience in GRC, Information Security, or a closely related function— with meaningful time spent building or scaling programs, not just running them. Demonstrated hands‑on experience building a GRC program at scale—ideally in a high‑growth SaaS or technology company. Deep expertise across multiple compliance and security frameworks, including SOC 2 Type II, ISO 27001, NIST CSF, and at least one regulatory framework (GDPR, CCPA, HIPAA, or equivalent). Experience creating and implementing GRC record of truth/tooling. Strong policy and standards writing ability—capable of translating complex regulatory language into clear, actionable documentation. Experience conducting and managing product & enterprise risk assessments, with a working knowledge of risk quantification methodologies. Proven ability to manage and communicate with senior stakeholders, including Legal, Engineering, and executive audiences. Bachelor’s degree in Information Security, Computer Science, Business, or a related field; equivalent practical experience considered. Relevant certifications strongly preferred: CISSP, CISM, CRISC, CISA, CCSP, or comparable credentials. Benefits Medical, dental, and vision plans designed to fit you and your family’s needs. Wellbeing Fund—flexible wellness stipend to support a healthy lifestyle. Mental health benefits with covered therapy and coaching. 401(k) program to help you invest in your future. Education & learning stipend for personal growth and development. Flexible vacation time to promote a healthy work‑life blend. Paid parental leave to support you and your family. Company‑wide recharge days each quarter. Work‑from‑home stipend to help you succeed in a remote environment. Compensation The annual salary hiring range for this position is $121,000 - $185,000 USD. Compensation is based on factors unique to each candidate, including, but not limited to, job‑related skills, qualification, education, experience, and location. At Gong, we have a location‑based compensation structure, which means there may be a different range for candidates in other locations. The total compensation package for this position, in addition to base compensation, may include incentive compensation, bonus, equity, and benefits. Important Notice We have noticed a rise in recruiting impersonations across the industry, where scammers attempt to access candidates' personal and financial information through fake interviews and offers. All Gong recruiting email communications will always come from the @gong.io domain. Any outreach claiming to be from Gong via other sources should be ignored. Equal‑Opportunity Employer Statement Gong is an equal‑opportunity employer. We believe that diversity is integral to our success, and do not discriminate based on race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, military status, genetic information, or any other basis protected by applicable law. Privacy Policy To review Gong's privacy policy, visit for more details. #J-18808-Ljbffr Gong
$121k - $185k
...work of your career. Role Summary This is a high‑visibility, high‑impact role at the center of Gong’s security and compliance story. As our Senior GRC Security Lead, you will be the architect of foundational programs we are building — Gong’s first‑ever Common Controls...SeniorRemote workWork from homeFlexible hours$193.8k - $228k
A leading technology company in San Francisco seeks a Senior GRC Analyst II. In this role, you will manage the Governance, Risk, and Compliance program, ensuring it aligns with security strategies. Candidates should have a strong knowledge of information security frameworks...Senior- Gong is seeking a Senior GRC Security Lead to architect foundational security programs as part of their compliance and trust initiatives. This role involves designing and implementing Gong's Common Controls Framework and working closely with engineering, legal, and audit...Senior
- ...seeking a governance, risk, and compliance analyst to shape and lead our program. You will drive frameworks like SOC2, ISO 27001 and... .... The role emphasizes cross-functional collaboration across IT, Security, GTM, and Engineering in a data‑driven environment. #J-18808-Ljbffr...Senior
$153.6k - $192k
...intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy... ...with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes... ...partners by producing documentation and leading training sessions Evangelize best practices...SeniorWork at officeImmediate startRemote workWork from home- Responsibilities Pallet is hiring its first dedicated GRC leader to own how we earn and keep trust:... ...deals at Pallet increasingly hinge on security posture. You’ll sit in on customer... ...seat with a clear path to building and leading a team Run SOC 1 and SOC 2 Type II audit...Temporary workLive inWork at officeRemote workFlexible hours
- Figma Job is looking for compliance and risk management professionals to join their GRC team. The ideal candidate will lead compliance programs across security frameworks like SOC2 and manage audits. The position offers the opportunity to improve processes and enhance organizational...Remote jobFull time
- Salesforce is seeking a Manager of Governance, Risk, and Compliance Security Automation to lead compliance automation capabilities. This role requires 8+ years of experience in GRC, Cybersecurity, or Software Engineering. You will design automated solutions, lead a team...
- Brex LLC is seeking a Senior GRC Engineer based in San Francisco to drive critical Governance, Risk, and Compliance processes. This role emphasizes automating security controls and integrating security tools, ensuring compliance as the company expands. Candidates should...Senior
- Postman is seeking a Senior GRC Engineer to design and operate automation for governance, risk, and compliance across our security program. You will partner with Security, Engineering, IT, Legal, and Sales to drive continuous controls and scalable solutions. The role focuses...Senior
- ...Nscale Ltd. is seeking a Senior Workday Analyst to own Workday across Europe, North America... ...You’ll set direction for configuration, security, and usage, reporting to the Director,... ...compliance as we scale. The role includes leading platform stability, release management, and...Senior
$161.6k - $202k
Headway in San Francisco is seeking a Senior Governance, Risk, Compliance (GRC) Analyst to join their Security team. This role focuses on handling sensitive health data and supporting security certifications like HITRUST and SOC 2. Candidates should have over 5 years of...SeniorFlexible hours- ...seeking a Sr Manager for InfoSec Governance Risk and Compliance (GRC) in San Francisco, California. The role involves managing a... ...compliance efforts, while serving as a subject matter expert on security frameworks. The ideal candidate will have over 7 years managing...
$150.9k - $226.3k
jobr.pro is seeking an Incident Response Technical Program Manager in San Francisco, CA, to lead security incident responses and develop coordination processes. This senior role demands collaboration across engineering, security, and customer teams to ensure effective...Senior- ...Controls Specialist responsible for managing cybersecurity risks and controls. In this role, you will work closely with information security teams, oversee risk and compliance policies, and promote security risk awareness activities. The ideal candidate has at least 7...Senior
$127k - $249k
Insider, Inc. is seeking an experienced Senior or Staff Engineer for their SRE, InfraSec team based in San Francisco. This role involves guiding the security of cloud infrastructure, leading teams, and implementing security solutions across AWS, Azure, and GCP. Candidates...SeniorFlexible hours- ...of technology risk management activities across infrastructure, security, product, and data domains. You will challenge first‑line risk... ...decisions, assess control design, and report on risk indicators to senior leadership. Ideal candidates have extensive experience in...Senior
- Aurora is seeking a Staff Technical Program Manager, Vehicle Security to lead cross-team security programs spanning vehicle and platform security. You will own program governance and drive end-to-end execution for the Aurora Driver platform, coordinating across hardware...Senior
- # Senior Offensive Security ManagerSenior Offensive Security Manager at Postman. Who Are We? Postman is the world’s leading API platform, used by more than 45 million+ developers and 500,000 organizations, including 98% of the Fortune 500. Postman is helping developers...Senior
- Vapi Inc. is seeking a DevSecOps Lead based in San Francisco, CA. This pivotal role involves enhancing the security posture for our Fortune 500 clients, ensuring compliance, and building robust security automation systems. The ideal candidate has 5-10 years of experience...Senior
- A leading blockchain and AI platform in San Francisco is seeking a Senior Site Reliability Engineer to ensure the reliability and security of their production infrastructure. You will maintain blockchain infrastructure, build automation, and collaborate with teams to embed...SeniorRemote work
$232k - $290k
Ripple is seeking a Senior Staff Security Engineer in San Francisco, focusing on AI Security and contributing to the company’s security posture. The role involves driving AI security strategy, implementing controls, and engaging in regulatory discussions. With a competitive...Senior- ...schedule Position Summary We are seeking a highly experienced Senior Event Center Lead to provide strategic and operational leadership for a high-... ...venue logistics, including vendor coordination, catering, security, facilities, and overall event readiness Navigate...SeniorWork at office
- ...privacy by design and customer trust. You will implement frameworks like SOC 2, ISO 27001 and HIPAA, ensure GDPR/CCPA/CPRA compliance, design scalable audit processes and a robust GRC platform, and help lead regulatory strategy for AI safety. #J-18808-Ljbffr Perplexity
$193.8k - $228k
Senior GRC Analyst II job at Carta. San Francisco, CA. The Problems You'll Solve As a Senior... ...risk frameworks. You will build and run security compliance programs to measure and... ...business objectives. Develop, maintain, and lead the adoption of security policies,...SeniorFull time- Gravity Engineering Services Pvt Ltd. is seeking a seasoned security engineer in San Francisco to lead the product security strategy. Your role will focus on defining secure design principles, conducting threat modeling, and managing security processes across cross-functional...Senior
- The Bay Area Air Quality Management District is seeking a Senior Systems Analyst to lead technology initiatives that support public health and environmental goals. This role offers opportunities in operations, cybersecurity, and business analysis. As a key member of the...SeniorFull time
- A leading gaming platform is seeking a Senior Enterprise Security Engineer to enhance the security of its enterprise environment. The candidate will design security measures, deploy tools, ensure compliance with policies, and foster a culture of security awareness. Ideal...SeniorWork at office
- ...shape and run our compliance and risk management program. You will lead the implementation of frameworks, oversee data privacy... ...audit/compliance, automation using AI, and collaboration across IT, Security, GTM, and Engineering. You will help drive customer trust by staying...Senior
- A leading cloud security firm is seeking a Senior Cloud Security Engineer to ensure the security and compliance of their cloud infrastructure. The role involves developing security policies, mentoring teams, and conducting audits for compliance with industry standards....SeniorRemote jobFlexible hours
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Senior Security GRC Lead. Be the first to apply!
- senior trade analyst San Francisco, CA
- senior app developer San Francisco, CA
- senior customer service advisor San Francisco, CA
- senior international account manager San Francisco, CA
- senior product manager mobile San Francisco, CA
- senior magento developer San Francisco, CA
- senior quantitative risk analyst San Francisco, CA
- senior business development director San Francisco, CA
- sr marketing manager San Francisco, CA
- sr technical product manager San Francisco, CA

