Swimlane
We are looking for a mid- to senior-level Governance, Risk and Compliance (GRC) Lead to own, scale, and continuously improve our security compliance program. This role will manage all security audits, compliance certifications, and customer assurance activities, while working closely with Security, Engineering, Legal, Sales, and Customer Success. You will be the primary driver of our compliance roadmap, ensuring we meet global regulatory standards and deliver exceptional trust assurance to customers.
The core responsibilities for the job include the following:
Compliance Management:
Lead external audits for SOC 2 Type II, ISO 27001, ISO 27701, ISO 42001, CSA STAR, and more. Manage relationships with external auditors and certification bodies. Build and execute Swimlane's compliance maturity roadmap, including future programs such as FedRAMP, CMMC, EU AI Act, IRAP, etc. Track emerging regulations and global standards across security, privacy, and AI governance.
Governance and Policy Management:
Own and improve policies, procedures, and plans across the integrated management system (Security, Privacy, AI Governance). Manage annual policy reviews and maintain alignment with audit timelines. Assign control ownership across functions and enforce accountability. Provide expert guidance to ensure processes remain compliant. Define and track key GRC KPIs/KRIs (exceptions, audit readiness, control health, etc.).
Risk Management:
Lead enterprise-wide annual risk assessments aligned with ISO standards. Conduct targeted risk and gap assessments for new initiatives. Continuously improve risk processes and coordinate risk ownership across teams. Embed risk management practices into engineering and product roadmaps.
Internal Audit Program:
Run full-lifecycle internal audits: planning, execution, reporting, and remediation. Manage internal audits tied to ISO 27001, ISO 27701, and ISO 42001 certifications. Implement automation tools for continuous control monitoring.
Third-Party Risk Management:
Conduct due diligence and risk assessments for all vendors and technology partners. Maintain the third-party inventory and ongoing monitoring processes. Ensure vendor risk practices align with company-wide compliance obligations.
Trust and Customer Assurance:
Maintain the external Trust Center with accurate, up-to-date documentation. Lead completion of customer security questionnaires, RFPs/RFIs, and due diligence workflows. Maintain a structured repository of GRC documentation. Act as the SME for GRC, security controls, and AI governance.
Business Continuity and Disaster Recovery:
Update Business Continuity (BC) and Disaster Recovery (DR) plans annually. Conduct tabletop exercises and ensure alignment with audit expectations. Support validation of cloud resiliency, backups, and incident response processes.
Security Awareness and Training:
Deliver and track company-wide security awareness initiatives. Develop role-specific training programs, including secure development and responsible AI usage.
Requirements:
10+ years in GRC, security compliance, or risk management. Strong hands-on experience with SOC 2, ISO 27001, and related frameworks. Deep understanding of security controls and compliance best practices. Experience handling security questionnaires, RFP/RFI processes, and customer assurance workflows. Strong project management skills with the ability to handle competing priorities. Excellent communication skills, comfortable working with internal teams and external auditors. Experience with compliance automation or RFP tools is a plus.