Search all jobs
Browse jobs › GRC Manager

GRC Manager

Mattermost · United States · Posted Jul 2, 2026

Apply on company site   Track it in JobSkout

Mattermost is the leading collaborative workflow platform for defense, intelligence, security, and critical infrastructure. Trusted by the U.S. Department of War and Fortune 500s, our platform runs on-premises and in private clouds, delivering secure messaging, file sharing, workflow automation, audio/screenshare, and project management—all with full data and operational control. Mattermost powers high-stakes workflows across mission planning, real-time, real-world operations, DevSecOps, incident response, and cyber defense—enabling secure collaboration from tactical edge and DDIL environments to enterprise HQ. Teams operate across web, desktop, and mobile, with embedded interoperability for Microsoft Teams, Outlook, and Microsoft 365.

To learn more, visit www.mattermost.com

Mattermost is hiring a GRC Manager to own and modernize our governance, risk, and compliance program across both federal and commercial markets.

This is a program-ownership role for someone who brings a modern, engineering-led approach to compliance — harnessing GRC engineering and AI to reduce manual effort and scale our programs. You will own Mattermost's compliance posture end to end, accountable for our federal readiness and commercial certifications, and you will modernize how we run them: automated, continuously monitored, and AI-native.

You will do the hands-on compliance work while coordinating across internal stakeholders in engineering, infrastructure, and IT who implement controls, the external auditors who assess them, and the customers whose trust rests on the outcome. As the program scales, you will grow and lead the team behind it.

What You'll Do

Own and modernize Mattermost's compliance programs across federal and commercial markets

Lead readiness, certification, and surveillance cycles across both programs

Operate the risk management program end to end — from identification and assessment through treatment and acceptance

Own the third-party and vendor risk management program, including security assessments and supply chain risk

Apply GRC engineering and automation to replace manual evidence collection with continuous controls monitoring

Build AI-native workflows to accelerate and improve the quality of recurring compliance work

Maintain the control library, system security plans, POA Ms, and policies

Coordinate external audits from scoping through remediation

Accelerate deal cycles by owning customer security questionnaires, trust center content, and reusable compliance artifacts

Grow and lead the GRC team as the program scales

What We're Looking For

Bachelor's degree in computer science, information security, or related field — or significant professional GRC and compliance experience

Proven senior-level experience in governance, risk, and compliance, security compliance, or IT audit, including direct ownership of a certification or authorization program

Experience with U.S. Federal standards including CMMC and NIST series (800-171 / 800-53)

Experience with ISO 27001 and SOC 2 Type II

Experience operating a formal risk management program

Experience running a third-party and vendor risk management program

Experience owning customer-facing security assurance, including security questionnaires and trust center content

Working knowledge of security controls for cloud environments (AWS, GCP, and/or Azure)

Excellent written and verbal communication skills

Nice to Have

Professional GRC certifications such as CISA, CRISC, CISM, CISSP, or CIPP

Experience working with AI platforms such as Claude, OpenAI, or Gemini

Experience with compliance automation tooling such as Vanta or Drata, and continuous controls monitoring

Direct experience applying AI or LLM-based workflows to GRC tasks

Proficiency in no-code automation or scripting languages

Past success in critical infrastructure industries including defense, cybersecurity, communications, or manufacturing

How Success Is Measured

CMMC Level 2 gap assessment and readiness roadmap delivered within first 90 days

SOC 2 Type II and ISO 27001 audit cycles completed on time without slippage

Manual evidence collection replaced with automated, continuously monitored controls

Customer security questionnaires and trust center content maintained to unblock deal cycles

GRC team grown and operating as a scalable, program-driven function

Why Mattermost

Mission-driven work: Your contributions directly support the organizations and missions that depend on secure, reliable collaboration

Remote-first culture: Work from anywhere with a globally distributed, high-trust team built for autonomy and ownership

Open source at the core: Be part of a vibrant developer community shaping the future of secure collaboration

AI-forward environment: We actively adopt and build AI-enabled workflows — you'll work with and on cutting-edge tooling

Unique scope: Own the compliance program end to end across both federal and commercial markets at a high-growth Series B company

Apply on company site