Search all jobs
Browse jobsSan Francisco, CA › Governance, Risk & Compliance (GRC) Manager

Governance, Risk & Compliance (GRC) Manager

Sigmacomputing · San francisco, CA · Posted Jun 10, 2026

Apply on company site   Track it in JobSkout

Governance, Risk Compliance (GRC) Manager

Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our San Francisco office or upcoming New York office and reports to the General Counsel. You'll have the opportunity to build a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk.

As our GRC Manager, you'll partner with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework that protects Sigma's interests, supports our strategic objectives, and builds stakeholder trust. You'll mature our governance structures, implement scalable risk management processes, and ensure compliance with applicable regulatory requirements—all while enabling the business to move quickly and confidently.

What You'll Do

Governance

Design and implement governance frameworks, including reporting, policy governance, and control oversight

Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions

Build and lead a governance committee structure that provides appropriate oversight and decision-making

Create governance dashboards and metrics to provide visibility into program maturity and effectiveness

Partner with leadership to align governance activities with business strategy and risk appetite

Risk Management

Develop and operate a comprehensive Enterprise Risk Management (ERM) program

Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register

Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises

Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring

Create risk treatment plans and track remediation activities across the organization

Facilitate risk-informed decision-making at all levels of the organization

Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately

Compliance

Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards

Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact

Partner with HR and Legal to support labor employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations

Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations

Manage security awareness training programs enterprise-wide

Conduct internal audits and assessments to validate control effectiveness

Coordinate external audits and assessments with third-party auditors

Business Enablement

Support sales and customer success teams with compliance documentation and security inquiries

Develop customer-facing materials that articulate Sigma's risk management and compliance posture

Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)

Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation

Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements

What You Bring

Required

4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies

Demonstrated experience building or significantly maturing a GRC program from the ground up

Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)

Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)

Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)

Experience developing and maintaining information security and privacy policies, procedures, and control frameworks

Strong business acumen with ability to translate risk and compliance requirements into business value

Excellent communication skills with ability to influence stakeholders at all levels, including leadership

Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment

Collaborative mindset and commitment to enabling business success while managing risk

Preferred

Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)

Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective

Experience with labor employment compliance or cross-functional collaboration with HR on regulatory matters

Familiarity with multi-state or international employment regulations

Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or simila…

Apply on company site