GRC Manager
Job Description
Job Description
About the Role
CloudZero is growing fast. Our customer base is expanding, the regulatory and risk landscape is getting more complex, and the business needs a GRC function that can keep pace. As the GRC Manager at CloudZero, you’ll own and scale our governance, risk, and compliance programs across the organization.
Reporting to the Sr. Director of IT & Security within the Office of the CTO organization, you’ll partner closely with Legal, Engineering, Product, Sales, and G&A to build a GRC function that protects CloudZero’s interests, earns customer trust, and gives the business the confidence to move quickly.
This is a high-impact, highly cross-functional role. You’ll be as comfortable presenting a risk register to leadership as you are helping a sales team close a deal with the right compliance documentation. This is a hybrid role with an expectation of in-office presence 2–3 days per week.
What You’ll Do Design and Operate the GRC FrameworkDesign and operate a comprehensive GRC framework spanning governance structures, enterprise risk management, and compliance programs that grows alongside CloudZero’s business
Own audit and certification programs including SOC 2 and other relevant standards, coordinating across internal teams and third-party auditors to drive successful outcomes
Own the development, maintenance, and ongoing improvement of CloudZero’s security and privacy policies and procedures, ensuring they’re current, practical, and embedded into how teams actually operate
Lead regular enterprise risk assessments, maintain a living risk register, and create an environment where risk-informed decision-making happens at every level of the organization
Serve as a key stakeholder in building CloudZero’s AI Governance & Strategic Risk strategy
Take full ownership of business continuity and disaster recovery programs, including program design, documentation, regular testing cycles, and tabletop exercises — ensuring operational preparedness when it matters most
Build and manage third-party risk management processes, including vendor due diligence, contract reviews, and ongoing monitoring throughout the vendor lifecycle
Track regulatory developments alongside the Legal team, ensuring CloudZero meets its obligations under GDPR, CCPA, and other applicable requirements
Manage the company’s security awareness training program and run internal audits to validate that controls are working as intended
Own the security questionnaire and assessment process — including VSAs, SIGs, and custom customer requests — with a primary focus on building and scaling tooling and automation that makes high-quality responses fast and repeatable
Review and redline security and data privacy language in customer and prospect contracts, working closely with Legal to protect CloudZero’s interests while keeping deals on track
Build and maintain a library of pre-approved security responses, compliance artifacts, and contract language so the team isn’t starting from scratch on every deal
Actively identify and implement tooling to automate questionnaire responses and security review workflows, reducing manual effort and accelerating deal cycles without sacrificing quality
Maintain and continuously improve CloudZero’s trust center, ensuring prospective customers have ready access to up-to-date security and compliance documentation
Partner with Sales Engineering and Solutions teams to address security and compliance requirements early in the sales cycle, removing friction before it becomes a blocker
5+ years of experience in governance, risk, and/or compliance roles, ideally within a SaaS or cloud technology company
Proven experience building or significantly maturing a GRC program, with direct, hands-on involvement in SOC 2 or similar certification audits
Working knowledge of established risk management frameworks such as COSO, ISO 31000, or NIST RMF
Solid understanding of GDPR, CCPA, and how data privacy obligations translate into practical controls and policies
Strong communicator who can make risk and compliance topics accessible and actionable for technical teams, business partners, and senior leadership alike
Ability to drive initiatives from scoping through completion while keeping multiple workstreams moving in a fast-paced environment
A business-enabling mindset — you treat compliance as something that creates competitive advantage, not just something that checks boxes
Prior experience at a SaaS technology startup
Hands-on technical experience with GCP, AWS, or Azure from a security and compliance lens
Experience working with Vanta or Drata for continuous compliance monitoring and automation
Experience with security questionnaire automation tools such as Loopio, Iris, or similar solutions
Professional certifications such as CRISC, CISA, CISM, CISSP, or CIPP
Familiarity with security frameworks including NIST CSF, CIS Controls, or OWASP
Proven ability to partner cross-functionally across departments to drive compliance goals and outcomes
Curiosity and enthusiasm for leveraging AI tools (such as Claude, Claude Code, or similar) to work smarter, automate repetitive tasks, and continuously find new ways to drive efficiency across the GRC function
Cloud cost management is one of the biggest challenges organizations face today. As cloud adoption continues to accelerate, so do the complexities and costs associated with it, and macroeconomic conditions only increase pressure to prove cloud efficiency.
CloudZero is a SaaS platform at the intersection of next-generation cloud cost management and FinOps. We ingest billing and usage data from all cloud, SaaS, and PaaS providers, organize it in real time according to our customers’ business structures, and empower organizations to make more informed business decisions.
Since our founding in 2016, our mission has been to make efficient innovation a reality for every cloud-driven organization. We believe every engineering decision is a buying decision, and we’re applying proven reliability engineering principles to financial efficiency.
We believe the best AI empowers users with clear insights and confident decisions, transforming complex cloud cost data into actionable intelligence that drives meaningful business outcomes.
To date, we’ve raised over $56 million from leading venture capital firms. We’re solving problems of massive scale, business importance, and complexity in a space that needs it more than ever.
Equal Opportunity EmployerCloudZero is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status or disability status. All job offers are contingent upon the candidate passing background and reference checks.
Compensation Range: $150K - $190K
Recommended Jobs
Preschool Teacher Assistant
Job Description Job Description Overview What You’ll Do Support a positive and respectful classroom environment , ensuring each child is treated with care, dignity, and respect. Greet …
Junior Pastry Sous Chef
We are looking for a skilled and passionate Junior Pastry Sous Chef to join the opening pastry team at La Petite Maison (LPM) in Boston. LPM is a globally recognized French-Mediterranean restauran…
HOUSEKEEPER (FULL TIME)
Job Description Job Description We are hiring immediately for full time HOUSEKEEPER positions. Location : Metrowest Medical Center Leonard - 67 Union Street, Natick, MA 01760. Note: onl…
Caregivers with Office Skills
Job Description Job Description Guardian Angel Senior Services are looking for compassionate, dependable individuals to join our team as Caregivers with Office Support Skills . who also have st…
Staff Machine Learning Engineer, ML Infrastructure
Job Description Job Description About SimpliSafe We're a high-tech home security company that's passionate about protecting the life you've built and our mission of keeping Every Home Secure. An…
Project Manager
Job Description Job Description Salary: $60,000.00 - $110,000.00 total potential compensation + benefit package POSITION SUMMARY Egan Landscape Group offers competitive compensation, strong…
Associate Director, Technical Operations - MFG Test
As the Associate Director, Technical Operations - MFG Test, you will define and execute the strategic roadmap for providing world-class manufacturing test solutions for the production of robotics syst…
Automotive Sales Professional - Ira Acura of Westwood
Job Description Job Description Overview Ira Acura of Westwood is part of fast growing Group 1 Automotive , a leader in automotive retail and we are looking to add a qualified Automotive S…
Earn $6,000-$12,000+ Per Month | Freight Dispatchers Wanted (Experienced & Entry-Level)
Earn $6,000–$12,000+ Per Month | Freight Dispatchers Wanted (Experienced & Entry-Level) Truck Driver Nation is expanding and we are hiring both experienced and entry-level freight dispatchers who a…
General Manager(03763) - 933 Pleasant st
Job Description Job Description Job Description ABOUT THE JOB You were born to be the boss. We know. You get up in the morning and you make sure everyone else in the house is doing what they …