GRC Manager

CloudZero

GRC Manager responsible for governance, risk, and compliance at CloudZero, a cloud cost management platform. Collaborating across teams and ensuring regulatory alignment for business success.

Posted 5/12/2026 • full-time • Boston • California, Massachusetts • 🇺🇸 United States • Mid-Level • Senior

Tech Stack

Tools & technologies
Cloud

About the role

Key responsibilities & impact
  • Design and operate a comprehensive GRC framework spanning governance structures, enterprise risk management, and compliance programs that grows alongside CloudZero’s business
  • Own audit and certification programs including SOC 2 and other relevant standards, coordinating across internal teams and third-party auditors to drive successful outcomes
  • Own the development, maintenance, and ongoing improvement of CloudZero’s security and privacy policies and procedures, ensuring they’re current, practical, and embedded into how teams actually operate
  • Lead regular enterprise risk assessments, maintain a living risk register, and create an environment where risk-informed decision-making happens at every level of the organization
  • Serve as a key stakeholder in building CloudZero’s AI Governance & Strategic Risk strategy
  • Take full ownership of business continuity and disaster recovery programs, including program design, documentation, regular testing cycles, and tabletop exercises — ensuring operational preparedness when it matters most
  • Build and manage third-party risk management processes, including vendor due diligence, contract reviews, and ongoing monitoring throughout the vendor lifecycle
  • Track regulatory developments alongside the Legal team, ensuring CloudZero meets its obligations under GDPR, CCPA, and other applicable requirements
  • Manage the company’s security awareness training program and run internal audits to validate that controls are working as intended
  • Own the security questionnaire and assessment process — including VSAs, SIGs, and custom customer requests — with a primary focus on building and scaling tooling and automation that makes high-quality responses fast and repeatable
  • Review and redline security and data privacy language in customer and prospect contracts, working closely with Legal to protect CloudZero’s interests while keeping deals on track
  • Build and maintain a library of pre-approved security responses, compliance artifacts, and contract language so the team isn’t starting from scratch on every deal
  • Actively identify and implement tooling to automate questionnaire responses and security review workflows, reducing manual effort and accelerating deal cycles without sacrificing quality
  • Maintain and continuously improve CloudZero’s trust center, ensuring prospective customers have ready access to up-to-date security and compliance documentation
  • Partner with Sales Engineering and Solutions teams to address security and compliance requirements early in the sales cycle, removing friction before it becomes a blocker

Requirements

What you’ll need
  • 5+ years of experience in governance, risk, and/or compliance roles, ideally within a SaaS or cloud technology company
  • Proven experience building or significantly maturing a GRC program, with direct, hands-on involvement in SOC 2 or similar certification audits
  • Working knowledge of established risk management frameworks such as COSO, ISO 31000, or NIST RMF
  • Solid understanding of GDPR, CCPA, and how data privacy obligations translate into practical controls and policies

Benefits

Comp & perks
  • Health insurance
  • Flexible working arrangements
  • Professional development opportunities

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
GRC framework design, enterprise risk management, compliance programs, SOC 2, risk assessments, business continuity, disaster recovery, vendor due diligence, security awareness training, automation of security workflows
Soft Skills
leadership, stakeholder management, communication, organizational skills, decision-making
Certifications
SOC 2 certification, ISO 31000, NIST RMF