Nooks

Governance, Risk and Compliance Lead

full-time

Location Type: Remote

Location: Remote • 🌎 Anywhere in the World

Job Level

Senior

About the role

  • Maintain and update information security, privacy, and compliance policies
  • Assist policy governance and internal control documentation
  • Administer and improve customer-facing GRC tools
  • Lead and execute risk assessments, control testing, and remediation tracking across security, privacy, and operational domains
  • Manage adherence to regulatory standards such as ISO 27001, SOC 2, GDPR, CCPA and other emerging frameworks
  • Oversee internal and external audits, evidence collection, and gap remediation
  • Lead and improve the process for responding to customer security questionnaires and RFPs; develop templates and knowledge base for consistent responses
  • Conduct and oversee vendor and partner risk assessments; monitor subprocessor obligations and maintain third-party risk dashboards
  • Develop and present dashboards and executive reports on enterprise risk, compliance health, and audit readiness
  • Assist with the design, rollout, and tracking of security awareness and compliance training initiatives

Requirements

  • Bachelor’s degree in Information Security, Risk Management, Business, or a related field (or equivalent experience)
  • Minimum of 5 years of experience in GRC, information security, risk management, or compliance roles
  • Familiarity with industry frameworks and standards such as ISO 27001, SOC 2, GDPR, CCPA
  • Hands-on experience supporting audits and certifications against frameworks such as ISO 27001, SOC 2, GDPR, CCPA
  • Familiarity with compliance automation and customer trust platforms (e.g., Drata, Vanta, Safebase) and/or enterprise GRC platforms
  • Strong analytical, organizational, and problem-solving skills
  • Excellent written and verbal communication abilities for policy documentation and audit interactions
  • Preferred: Professional certifications such as CISA, CRISC, ISO 27001 Lead Implementer
  • Preferred: Strong understanding of global privacy regulations (CCPA, GDPR)
  • Preferred: Experience supporting compliance reviews or audits of AI-enabled products, including data governance, bias/risk assessments, or model transparency requirements
  • Preferred: Familiarity with AI governance frameworks (e.g., EU AI Act, NIST AI Risk Management Framework, ISO/IEC 42001) and experience assessing risks related to AI/ML systems

Benefits

  • Competitive salary and benefits package
  • Opportunity to work with cutting-edge technologies in a fast-growing organization
  • A collaborative and security-first culture

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

  • information security
  • risk management
  • compliance
  • GRC
  • audits
  • control testing
  • risk assessments
  • compliance automation
  • data governance
  • AI/ML risk assessment

Soft skills

  • analytical skills
  • organizational skills
  • problem-solving skills
  • written communication
  • verbal communication

Certifications

  • CISA
  • CRISC
  • ISO 27001 Lead Implementer