Bumble
Inclusion at Bumble Inc.
Bumble Inc. is an equal opportunity employer and we strongly encourage people of all ages, colour, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply. We're happy to make any reasonable adjustments that will help you feel more confident throughout the process, please don't hesitate to let us know how we can help.
In your application, please feel free to note which pronouns you use (For example: she/her, he/him, they/them, etc).
About Bumble
At Bumble, we're building secure, AI-driven systems that empower connection and trust globally. Security and privacy are at the heart of that mission.
We're looking for a
Senior Security GRC Program Manager
to lead our PCI, SOX, ITGC, and GDPR programs - driving audit excellence, automation maturity, and cross-functional compliance alignment across Bumble's products and infrastructure.
This role is ideal for someone who thrives in fast-moving environments and knows how to transform compliance from a checkpoint into a scalable, automated enabler of trust.
Please note: We are unable to offer Visa transfers or Visa sponsorship
What You'll Do Own Bumble's Core Compliance Programs: Lead end-to-end management of
PCI, SOX, ITGC, and GDPR
frameworks - from annual audit planning through evidence collection, remediation, and executive reporting. Drive Audit Efficiency & Automation: Partner with Security Engineering, Finance IT, and Product teams to automate evidence workflows, control attestations, and testing pipelines via tools such as
Drata, Vanta, or ServiceNow GRC . Lead SOX & ITGC Program Delivery: Co-own SOX ITGC compliance with Finance IT, directly manage external audit partners, and maintain strong control hygiene across identity, change management, and infrastructure layers. Oversee PCI Compliance Operations: Maintain Bumble's PCI program scope, manage annual assessments, and coordinate with payments and infrastructure teams to ensure ongoing adherence and minimal audit fatigue. Steward GDPR Alignment: Partner with Legal, Privacy, and Data Engineering to operationalize GDPR requirements, ensuring data protection principles and privacy-by-design controls are consistently validated. Report Risk & Remediation Metrics: Build dashboards and KPI reports that provide visibility into audit readiness, control performance, and remediation progress for executive stakeholders. Must-Haves
Program Leadership Experience: 6+ years
of experience in Security GRC, audit, or compliance within a
cloud-native or technology-driven environment . Proven ownership of
PCI, SOX, ITGC, and GDPR
compliance programs - from planning through audit closure. Demonstrated success driving measurable improvements in audit efficiency, control maturity, or automation adoption. Technical Acumen: Strong working knowledge of
cloud architectures
(AWS, GCP) and
common ITGC control areas
- including access management, change management, and incident response. Experience
integrating GRC tools
with engineering systems (e.g., CI/CD pipelines, Jira, Slack, or identity platforms like Okta). Ability to
design or refine control automation workflows
and collaborate with engineers on technical control implementation. Practical understanding of
data flow mapping
and
system-of-record validation
to support GDPR evidence and privacy controls. Execution & Communication: Track record of
leading multi-stakeholder audits
(Finance, Legal, Engineering, Privacy) and aligning diverse teams on deadlines and deliverables. Skilled at presenting complex audit or risk topics to
executive leadership
using concise, data-driven insights. Capable of drafting
clear, audit-ready documentation
and control narratives without excessive bureaucracy. Mindset & Operating Style: Automation-first:
Seeks opportunities to replace manual audit processes with system-driven controls. Business-aligned:
Understands how to balance compliance requirements with engineering velocity. Outcome-driven:
Measures success through reduced audit fatigue, improved evidence hygiene, and faster remediation cycles. Collaborative:
Builds trust with auditors and internal stakeholders through transparency and consistency. Nice-to-Haves
Hands-on experience automating evidence collection or audit testing workflows. Familiarity with
data protection impact assessments (DPIAs)
and GDPR privacy operations. Experience building or maintaining
risk registers ,
executive dashboards , or
compliance OKRs/KPIs . Certifications such as
CISA, CISM, CISSP, CRISC , or
ISO Lead Auditor . Background in
payments, fintech, or regulated SaaS
environments.
$119,000 - $147,000 a year
Please note: We are unable to offer Visa transfers or Visa sponsorship
Location
This role is based in Austin, and we ask that you're within a commutable distance to this office, so that you're able to come onsite regularly to collaborate across engineering teams, Monday - Wednesday.
We have a hybrid work style and ask that all Engineers be onsite Monday - Wednesday.
Please note: We are unable to offer Visa sponsorship at this time
Global benefits
Maven Fertility
We offer a $10,000 lifetime benefit opportunity to all employees and their partners around the world. This benefit can be used to support your reproductive journey - from abortion care and related travel costs to fertility treatment, egg-freezing, adoption, surrogacy, and more.
Family & compassionate paid leave
Family leave to support you and your loved ones when needed (including victims of domestic abuse or violent crime).
26 weeks parental leave
26 weeks paid leave for the primary caregiver following the birth, adoption, surrogacy or foster care of a child. The secondary caregiver will also receive 26 weeks paid leave after 1 year of employment.
Unlimited paid time off
Take the time you need when you need it.
Company-wide week off
Once a year, we have a company-wide week off (it's essential for some teams to continue working and they will be offered alternative time off instead).
Focus Fridays
Every Friday we try to have a no meeting, no deadline, no email and no Slack rule on a Friday so you can focus without distraction.
Check out more of our local benefits here
About Us
Bumble Inc. is the parent company of Bumble Date, BFF, and Badoo. The Bumble platform enables people to build healthy and equitable relationships, through Kind Connections. Founded by Whitney Wolfe Herd in 2014, Bumble was one of the first dating apps built with women at the center and connects people across dating (Bumble Date) and friendship (BFF). BFF is a friendship app where people in all stages of life can meet people nearby and create meaningful platonic connections and community based on shared interests. Badoo, which was founded in 2006, is one of the pioneers of web and mobile dating products.
AI in Bumble Inc. Hiring
At Bumble, we may use AI tools to support parts of our recruitment process - such as helping us record, transcribe, and summarize conversations, and supporting job alignment by comparing resumes and job descriptions to highlight skills and potential roles that may be a good match. These tools help us work more efficiently and stay focused on you during our conversations. Importantly, all hiring decisions are made by people. AI is used only to support our team's efficiency and improve the candidate experience - not to evaluate or decide on your candidacy. Participation in AI-supported interviews and conversations is completely voluntary and will not impact your candidacy. If you'd prefer to opt out, simply let your recruiter or interviewer know at the start of a call, or anytime during the interview or conversation. Summaries and related data are retained only as long as needed in line with our internal data retention policies. If at any point you'd like a transcription or summary deleted, please contact your recruiter directly.
For further information on how we hold and manage your data, please refer to our Privacy Policy.
Bumble Inc. is an equal opportunity employer and we strongly encourage people of all ages, colour, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply. We're happy to make any reasonable adjustments that will help you feel more confident throughout the process, please don't hesitate to let us know how we can help.
In your application, please feel free to note which pronouns you use (For example: she/her, he/him, they/them, etc).
About Bumble
At Bumble, we're building secure, AI-driven systems that empower connection and trust globally. Security and privacy are at the heart of that mission.
We're looking for a
Senior Security GRC Program Manager
to lead our PCI, SOX, ITGC, and GDPR programs - driving audit excellence, automation maturity, and cross-functional compliance alignment across Bumble's products and infrastructure.
This role is ideal for someone who thrives in fast-moving environments and knows how to transform compliance from a checkpoint into a scalable, automated enabler of trust.
Please note: We are unable to offer Visa transfers or Visa sponsorship
What You'll Do Own Bumble's Core Compliance Programs: Lead end-to-end management of
PCI, SOX, ITGC, and GDPR
frameworks - from annual audit planning through evidence collection, remediation, and executive reporting. Drive Audit Efficiency & Automation: Partner with Security Engineering, Finance IT, and Product teams to automate evidence workflows, control attestations, and testing pipelines via tools such as
Drata, Vanta, or ServiceNow GRC . Lead SOX & ITGC Program Delivery: Co-own SOX ITGC compliance with Finance IT, directly manage external audit partners, and maintain strong control hygiene across identity, change management, and infrastructure layers. Oversee PCI Compliance Operations: Maintain Bumble's PCI program scope, manage annual assessments, and coordinate with payments and infrastructure teams to ensure ongoing adherence and minimal audit fatigue. Steward GDPR Alignment: Partner with Legal, Privacy, and Data Engineering to operationalize GDPR requirements, ensuring data protection principles and privacy-by-design controls are consistently validated. Report Risk & Remediation Metrics: Build dashboards and KPI reports that provide visibility into audit readiness, control performance, and remediation progress for executive stakeholders. Must-Haves
Program Leadership Experience: 6+ years
of experience in Security GRC, audit, or compliance within a
cloud-native or technology-driven environment . Proven ownership of
PCI, SOX, ITGC, and GDPR
compliance programs - from planning through audit closure. Demonstrated success driving measurable improvements in audit efficiency, control maturity, or automation adoption. Technical Acumen: Strong working knowledge of
cloud architectures
(AWS, GCP) and
common ITGC control areas
- including access management, change management, and incident response. Experience
integrating GRC tools
with engineering systems (e.g., CI/CD pipelines, Jira, Slack, or identity platforms like Okta). Ability to
design or refine control automation workflows
and collaborate with engineers on technical control implementation. Practical understanding of
data flow mapping
and
system-of-record validation
to support GDPR evidence and privacy controls. Execution & Communication: Track record of
leading multi-stakeholder audits
(Finance, Legal, Engineering, Privacy) and aligning diverse teams on deadlines and deliverables. Skilled at presenting complex audit or risk topics to
executive leadership
using concise, data-driven insights. Capable of drafting
clear, audit-ready documentation
and control narratives without excessive bureaucracy. Mindset & Operating Style: Automation-first:
Seeks opportunities to replace manual audit processes with system-driven controls. Business-aligned:
Understands how to balance compliance requirements with engineering velocity. Outcome-driven:
Measures success through reduced audit fatigue, improved evidence hygiene, and faster remediation cycles. Collaborative:
Builds trust with auditors and internal stakeholders through transparency and consistency. Nice-to-Haves
Hands-on experience automating evidence collection or audit testing workflows. Familiarity with
data protection impact assessments (DPIAs)
and GDPR privacy operations. Experience building or maintaining
risk registers ,
executive dashboards , or
compliance OKRs/KPIs . Certifications such as
CISA, CISM, CISSP, CRISC , or
ISO Lead Auditor . Background in
payments, fintech, or regulated SaaS
environments.
$119,000 - $147,000 a year
Please note: We are unable to offer Visa transfers or Visa sponsorship
Location
This role is based in Austin, and we ask that you're within a commutable distance to this office, so that you're able to come onsite regularly to collaborate across engineering teams, Monday - Wednesday.
We have a hybrid work style and ask that all Engineers be onsite Monday - Wednesday.
Please note: We are unable to offer Visa sponsorship at this time
Global benefits
Maven Fertility
We offer a $10,000 lifetime benefit opportunity to all employees and their partners around the world. This benefit can be used to support your reproductive journey - from abortion care and related travel costs to fertility treatment, egg-freezing, adoption, surrogacy, and more.
Family & compassionate paid leave
Family leave to support you and your loved ones when needed (including victims of domestic abuse or violent crime).
26 weeks parental leave
26 weeks paid leave for the primary caregiver following the birth, adoption, surrogacy or foster care of a child. The secondary caregiver will also receive 26 weeks paid leave after 1 year of employment.
Unlimited paid time off
Take the time you need when you need it.
Company-wide week off
Once a year, we have a company-wide week off (it's essential for some teams to continue working and they will be offered alternative time off instead).
Focus Fridays
Every Friday we try to have a no meeting, no deadline, no email and no Slack rule on a Friday so you can focus without distraction.
Check out more of our local benefits here
About Us
Bumble Inc. is the parent company of Bumble Date, BFF, and Badoo. The Bumble platform enables people to build healthy and equitable relationships, through Kind Connections. Founded by Whitney Wolfe Herd in 2014, Bumble was one of the first dating apps built with women at the center and connects people across dating (Bumble Date) and friendship (BFF). BFF is a friendship app where people in all stages of life can meet people nearby and create meaningful platonic connections and community based on shared interests. Badoo, which was founded in 2006, is one of the pioneers of web and mobile dating products.
AI in Bumble Inc. Hiring
At Bumble, we may use AI tools to support parts of our recruitment process - such as helping us record, transcribe, and summarize conversations, and supporting job alignment by comparing resumes and job descriptions to highlight skills and potential roles that may be a good match. These tools help us work more efficiently and stay focused on you during our conversations. Importantly, all hiring decisions are made by people. AI is used only to support our team's efficiency and improve the candidate experience - not to evaluate or decide on your candidacy. Participation in AI-supported interviews and conversations is completely voluntary and will not impact your candidacy. If you'd prefer to opt out, simply let your recruiter or interviewer know at the start of a call, or anytime during the interview or conversation. Summaries and related data are retained only as long as needed in line with our internal data retention policies. If at any point you'd like a transcription or summary deleted, please contact your recruiter directly.
For further information on how we hold and manage your data, please refer to our Privacy Policy.