Posted Jul 9, 2026

GRC Manager

Apply for this Position →
About the position Mattermost is seeking a GRC Manager to lead and modernize its governance, risk, and compliance program for both federal and commercial markets. This role involves a modern, engineering-led approach to compliance, utilizing GRC engineering and AI to reduce manual effort and scale programs. The GRC Manager will be responsible for the end-to-end compliance posture, including federal readiness and commercial certifications, aiming for automated, continuously monitored, and AI-native processes. The position requires hands-on compliance work, coordination with internal stakeholders (engineering, infrastructure, IT), external auditors, and customers. As the program grows, the role will involve building and leading a team. Responsibilities • Own and modernize Mattermost's compliance programs across federal and commercial markets • Lead readiness, certification, and surveillance cycles across both programs • Operate the risk management program end to end — from identification and assessment through treatment and acceptance • Own the third-party and vendor risk management program, including security assessments and supply chain risk • Apply GRC engineering and automation to replace manual evidence collection with continuous controls monitoring • Build AI-native workflows to accelerate and improve the quality of recurring compliance work • Maintain the control library, system security plans, POA&Ms, and policies • Coordinate external audits from scoping through remediation • Accelerate deal cycles by owning customer security questionnaires, trust center content, and reusable compliance artifacts • Grow and lead the GRC team as the program scales Requirements • Bachelor's degree in computer science, information security, or related field — or significant professional GRC and compliance experience • Proven senior-level experience in governance, risk, and compliance, security compliance, or IT audit, including direct ownership of a certification or authorization program • Experience with U.S. Federal standards including CMMC and NIST series (800-171 / 800-53) • Experience with ISO 27001 and SOC 2 Type II • Experience operating a formal risk management program • Experience running a third-party and vendor risk management program • Experience owning customer-facing security assurance, including security questionnaires and trust center content • Working knowledge of security controls for cloud environments (AWS, GCP, and/or Azure) • Excellent written and verbal communication skills • U.S. citizenship • Located in the United States and eligible to obtain and maintain a U.S. government security clearance • Meet eligibility requirements for access to export-controlled information as defined by U.S. export control laws, including EAR and ITAR Nice-to-haves • Professional GRC certifications such as CISA, CRISC, CISM, CISSP, or CIPP • Experience working with AI platforms such as Claude, OpenAI, or Gemini • Experience with compliance automation tooling such as Vanta or Drata, and continuous controls monitoring • Direct experience applying AI or LLM-based workflows to GRC tasks • Proficiency in no-code automation or scripting languages • Past success in critical infrastructure industries including defense, cybersecurity, communications, or manufacturing Benefits • Mission-driven work • Remote-first culture • Open source at the core • AI-forward environment • Unique scope