Senior Security GRC Lead
$121k - $185k
Gong.io
Gong harnesses the power of AI to transform how revenue teams win. The Gong Revenue AI Operating System unifies data, insights, and workflows into a single, trusted system that observes, guides, and acts alongside the world's most successful revenue teams. Powered by the Gong Revenue Graph, AI-powered intelligence, specialized agents, and trusted applications, Gong helps more than 5,000 companies around the world deeply understand their teams and customers, automate critical sales workflows, and close more deals with less effort. For more information, visit
At Gong, you will join a company built on innovative products, ambitious goals, and passionate people. We are shaping the future of revenue intelligence and we want people who are excited to build what comes next. You will work with a team that dreams big, moves fast, and cares deeply about the craft and about each other. Here, transparency and trust are core to how we operate, and every person has the opportunity to make a visible impact. If you want to grow, stretch, and do work that truly matters, Gong is the place to do the best work of your career.

This is a high-visibility, high-impact role at the center of Gong's security and compliance story. As our Senior GRC Security Lead, you will be the architect of foundational programs we are building - Gong's first-ever Common Controls Framework, standing up a formal risk process and register, implementing a GRC tooling ecosystem, and owning the full policy, standards, and exceptions management lifecycle. This is not a role for someone looking to inherit a mature program. It's a role for a builder - someone who thrives in ambiguity, operates with urgency, and finds energy in creating order from complexity. You will work directly with Legal, Sales, Engineering, Customer Audit teams, and executive stakeholders, and your fingerprints will be visible across everything Gong builds for compliance and trust for years to come.

RESPONSIBILITIES
- Design and implement Gong's Common Controls Framework, mapping controls across SOC 2, ISO 27001, 27017, 27701, 27018, HIPAA, PCI, and other applicable frameworks.
- Rationalize overlapping requirements across frameworks to reduce compliance burden and create a single source of truth for control ownership.
- Partner with Engineering, Infrastructure, and Product Security to embed controls at the architecture level, not just as audit checkboxes.
- Establish control testing methodology, evidence collection standards, and continuous control monitoring processes.
- Serve as the subject-matter expert on control mapping during customer and external audits, RFPs, and enterprise sales engagements.
- Build Gong's product & enterprise risk register from the ground up - defining risk taxonomy, scoring methodology, risk appetite thresholds, and ownership models.
- Implement a GRC platform and system of record, and build executive-level dashboards to track vulnerability, risk, and control remediation.
- Create and maintain risk treatment plans in partnership with risk owners across the business, tracking remediation milestones and escalating blockers.
- Develop executive-level risk reporting cadences and dashboards for the Head of GRC and senior leadership.
- Own the complete lifecycle of Gong's information security policy suite - creation, review cycles, version control, and employee acknowledgment tracking.
- Establish and operate a formal exceptions management program, including intake, risk assessment, approval workflows, compensating controls, and periodic review.
- Ensure policies remain aligned with evolving regulatory requirements, industry frameworks, and Gong's rapidly changing technology environment.
- Drive policy adoption through clear communication, training support, and cross-functional partnership.
- Liaise with external auditors and certification bodies for SOC 2, ISO, and other certifications.
- 7+ years of progressive experience in GRC, Information Security, or a closely related function - with meaningful time spent building or scaling programs, not just running them.
- Demonstrated hands-on experience building a GRC program at scale - ideally in a high-growth SaaS or technology company.
- Deep expertise across multiple compliance and security frameworks, including SOC 2 Type II, ISO 27001, NIST CSF, and at least one regulatory framework (GDPR, CCPA, HIPAA, or equivalent).
- Experience creating and implementing GRC Record of Truth/Tooling.
- Strong policy and standards writing ability - capable of translating complex regulatory language into clear, actionable documentation.
- Experience conducting and managing product & enterprise risk assessments, with a working knowledge of risk quantification methodologies.
- Proven ability to manage and communicate with senior stakeholders, including Legal, Engineering, and executive audiences.
- Bachelor's degree in Information Security, Computer Science, Business, or a related field; equivalent practical experience considered.
- Relevant certifications strongly preferred: CISSP, CISM, CRISC, CISA, CCSP, or comparable credentials.
- We offer Gongsters a variety of medical, dental, and vision plans, designed to fit you and your family's needs.
- Wellbeing Fund - flexible wellness stipend to support a healthy lifestyle.
- Mental Health benefits with covered therapy and coaching.
- 401(k) program to help you invest in your future.
- Education & learning stipend for personal growth and development.
- Flexible vacation time to promote a healthy work-life blend.
- Paid parental leave to support you and your family.
- Company-wide recharge days each quarter.
- Work from home stipend to help you succeed in a remote environment.
The annual salary hiring range for this position is $121,000 - $185,000 USD. Compensation is based on factors unique to each candidate, including, but not limited to, job-related skills, qualification, education, experience, and location. At Gong, we have a location-based compensation structure, which means there may be a different range for candidates in other locations. The total compensation package for this position, in addition to base compensation, may include incentive compensation, bonus, equity, and benefits. Some of our sales compensation programs also offer the potential to achieve above targeted earnings for those who exceed their sales targets.
We are always looking for outstanding Gongsters! So if this sounds like something that interests you regardless of compensation, please reach out. We may have more roles for you to consider and would love to connect.

We have noticed a rise in recruiting impersonations across the industry, where scammers attempt to access candidates' personal and financial information through fake interviews and offers. All Gong recruiting email communications will always come from the @gong.io domain. Any outreach claiming to be from Gong via other sources should be ignored.

Gong is an equal-opportunity employer. We believe that diversity is integral to our success, and do not discriminate based on race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, military status, genetic information, or any other basis protected by applicable law. To review Gong's privacy policy, visit for more details.

