At Vanta, our mission is to help businesses earn and prove trust. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it.
Vanta is growing quickly and we're continually moving upmarket, dealing with sophisticated customers with complex security and compliance environments and needs. Our Security team uses our own Vanta product to power our security program and functions as an innovative and forward thinking GRC team.
As a Senior Director of GRC, you will be a highly visible leader within Vanta’s Security team, responsible for running our Governance, Risk, and Compliance efforts.
If this sounds like you, and you're excited to use your capabilities to power the next evolution of the Vanta GRC team, we’d love to hear from you.
What you’ll do as a Senior Director of GRC Engineering at Vanta:
Oversee the work of our governance, risk, and compliance functions that include Vendor Risk Management, Risk Management, Policy Management, Training and Awareness, and Customer Trust.
Ensure ongoing compliance to our SOC II and ISO certifications.
Drive the next evolution of our program to meet FedRAMP Authorization (Moderate 20x and Moderate Rev 5).
Lead and grow a team of the best security professionals in the world, with a view of security that is forward thinking, human-centric, and trust-based.
Drive concepts of GRC Engineering throughout your organization and lean into automated compliance strategies to show ongoing commitment to security.
Shape the next evolution of internal GRC strategy internally and be an active voice externally.
Provide, both individually and through your teams, expert feedback to Vanta’s Engineering, Product and Design teams on our product offerings and serve as a strong customer voice in product development.
Represent Vanta’s products, vision, and voice as a trusted security thought leader in public security forums.
Participate within the CISO leadership team and collaborate extensively with other leaders within the Security Engineering and Operations teams.
Track the team’s performance and report goals and objectives to leaders outside of the security team
Partner with the Vanta's Sales and Customer Success teams to represent Vanta’s Trust Management Platform to prospects and customers
Become an expert on the security features available for customers to deploy within Vanta, including best practices for implementation.
Serve as Vanta customer zero by testing and implementing all Vanta capabilities within our own GRC program.
Coordinate with cross-functional teams to provide customers with meaningful updates on features and programs
How to be successful in this role:
10+ years of experience working in the Governance, Risk, and Compliance industry
Strong leadership experience and an ability to lead a team from a foundation of transparency and trust
Experience working with security and privacy frameworks, including SOC II, ISO 27001, ISO 27701, and FedRAMP.
Demonstrable expertise in SOC II, ISO 27001, NIST 800-53 at minimum
Experience managing a large team of people (10+)
Experience working and interfacing with C-level customer contacts
Technical expertise to understand and explain security and GRC concepts
Familiarity with Cloud Infrastructure, Risk Management, Policy Management, Security Training and Awareness, Vendor Risk Management, Vulnerabilities Management, and their related security processes
Experience in building productive relationships and driving collaboration with both technical and non-technical teams
Knowledge of the audit process and experience owning SOC2, ISO, and FedRAMP audits.
Security compliance management experience within a SaaS environment preferred, but not required
Professional customer facing experience preferred, but not required
Security certifications (e.g. CISA, CISSP) and/or formal education strongly preferred, but not required
What you can expect as a Vantan:
Industry-competitive compensation
100% covered medical, dental, and vision benefits with dependents coverage
16 weeks fully-paid parental Leave for all new parents
Health & wellness and remote workplace stipends
Family planning benefits through Carrot Fertility
401(k) matching
Flexible work hours and location
Open PTO policy
11 paid holidays in the US
Offices in SF, NYC, London, Dublin, and Sydney
To provide greater transparency to candidates, we share base pay ranges for all US-based job postings regardless of state. We set standard base pay ranges for all roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.
#LI-remote
At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.
About Vanta
We started in 2018, in the wake of several high-profile data breaches. Online security was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation. Vanta was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged.
Now more than ever, making security continuous—not just a point-in-time check— is essential. Thousands of companies rely on Vanta to build, maintain and demonstrate their trust— all in a way that's real-time and transparent.
