GRC Manager

A high-growth technology startup in Vienna, VA is seeking a GRC Manager to build and lead its compliance program end-to-end. They are looking for someone who can work onsite in Vienna., The GRC Manager will operate at the intersection of engineering, infrastructure, legal, and operations, ensuring that compliance programs are not only audit-ready but deeply embedded into how the organization operates. This person will be responsible for owning Compliance, building foundations for scalable frameworks such as SOC 2, ISO 27001, GDPR and Fedramp, owning SOC 2 Audits, and maintaining the IT risk register..

• 3-5 years of experience in GRC, compliance, or IT audit, ideally within a SaaS or highly technical environment
• Proven, hands-on experience leading SOC 2 audits (direct ownership, not advisory roles)
• Strong ability to understand and engage with complex technical architecture, including non-standard environments
• Background in SRE, security engineering, engineering, or a related technical field (education and/or experience)
• Experience working with AWS and/or Google Cloud Platform, as well as Infrastructure as Code (IaC) environments
• Strong written communication skills, including the ability to author policies and customer-facing documentation
• Ability to operate effectively in fast-paced, high-growth environments
• Familiarity with ISO 27001, GDPR, and/or FedRAMP frameworks
• Experience supporting Legal in security-related contract negotiations and DPAs
• Professional certifications such as CISA, CISSP, CISM, CCSK, or similar)