GRC Jobs in Canada.
All active GRC roles based in Canada.
Pick a job to read the details
Tap any role on the left — its description and apply link will open here.
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
We’re hiring a Senior Manager to lead Security Governance and the Security Third-Party Risk Management (TPRM) function. This role owns program strategy, operational maturity, and stakeholder alignment for security governance, vendor risk, and third-party integration risk. The manager will drive policy and control frameworks, remediate audit findings, deliver measurable program KPIs, and grow a high-performing team that executes vendor diligence, monitoring, and governance at scale.
Our Security Governance and TPRM programs must move from tactical firefighting to predictable, measurable operations that scale with the business. This leader will set the security risk posture, tighten governance and fourth-party oversight, improve tooling and automation adoption, and ensure timely, actionable escalations so senior leadership can make the right business decisions.
What You'll Do
Program strategy & governance
- Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations).
- Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council).
- Define and enforce security risk appetite and decision criteria for third-party relationships and integrations.
Third-party risk management
- Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding.
- Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators.
- Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria.
Operational excellence & tooling
- Own program KPIs, dashboards, and reporting (Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream). Drive improvements in throughput, turnaround, backlog age, and remediation velocity.
- Partner with Automation/TPRM Ops to operationalize threat-modeling outputs, integration inventories, pre-integration gates, and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations.
- Implement and maintain QA processes (quarterly QA), runbooks, SOPs for ticket ownership, and evidence standards.
People & stakeholder leadership
- Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale.
- Act as the primary security contact for Legal, Procurement, Privacy, Product, and Engineering on vendor risk and governance matters.
- Represent Security in executive forums, audit meetings, and regulatory engagements; own remediation commitments and timelines.
Audit, compliance & risk reporting
- Serve as the security liaison for Internal Audit and external assessments; ensure timely remediation of findings and demonstrable progress.
- Produce regular program health reporting for senior leadership and Board-level stakeholders.
Success metrics (examples)
- Vendors reviewed per month and % critical vendors reviewed on schedule
- Average review turnaround time and backlog age distribution
- % tickets with clear owner and SLA met
- Time to remediate Internal Audit findings and completion rate
- Implementation count of automated checks/runbooks and pre-integration gates
- Team engagement / retention and time-to-productivity for new hires
What We Look For
- 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams (or equivalent leadership experience).
- Demonstrated ownership of a TPRM program or security governance program in a regulated or high-growth technology environment (fintech preferred).
- Strong knowledge of security frameworks (NIST, ISO), compliance standards (SOC2, PCI), and vendor risk processes (IRQ/DDQ/SME assessments).
- Hands-on familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent), Jira, BI tools (Sigma/Tableau/Looker), and experience with integrations/APIs.
- Excellent stakeholder management across legal, procurement, engineering, product, and executive leadership.
- Proven experience translating audit findings into operational remediation plans and measurable outcomes.
- Strong communication skills — able to present risk to technical and non-technical audiences and to influence decisions.
- Certifications such as CISSP, CISM, CRISC, or similar.
- Practical experience with threat-modeling approaches and third-party integration security (API, SSO/OAuth/SAML, TLS).
- Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines.
- Prior experience in fintech or highly regulated industries.
This posting is for an existing vacancy.
Pay Grade - Q
Equity Grade - 6
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.
Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)
CAN base pay range per year: $198,000 - $248,000
#LI-Remote
Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.
We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include:
- Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
- Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
- Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
- ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.
By clicking "Submit Application," you acknowledge that you have read Affirm's Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.
Ready to apply?
Apply to Affirm
Why join us
Brex is the intelligent finance platform that enables companies to spend smarter and move faster in more than 200 markets. By combining global corporate cards and banking with intuitive spend management, bill pay, and travel software, Brex enables founders and finance teams to accelerate operations, gain real-time visibility, and control spend effortlessly. Brex’s AI-native automation and world-class service eliminate manual expense and accounting tasks for customers so they can focus on what matters most. Tens of thousands of the world's best companies run on Brex, including DoorDash, Coinbase, Robinhood, Zoom, Plaid, Reddit, and SeatGeek.
Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.
Engineering
Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.
What you’ll do
Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.
You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.
Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).
You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.
Where you’ll work
This role will be based in our Vancouver office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!
Responsibilities
- Manage and scale IT infrastructure, services and tooling
- Work with a diverse group of IT partners to optimize our provided services
- Implement new services in support of Information Technologies vision
- Scale our services by implementing configuration as code via Terraform providers or APIs
- Operationalize and upskill IT and its partners by producing documentation and leading training sessions
- Evangelize best practices both internally and externally facing
Requirements
- 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
- Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
- Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
- Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
- Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
- Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
- Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback.
Bonus points
- Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
- Hands-on experience with Tines or other SOAR platforms to automate security operations.
- Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
- Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
- Relevant industry certifications such as CISSP, CISA, or CCSP.
- Experience building metrics dashboards for security visualization and reporting.
- Active contributions to the GRC or Security community through open-source projects or public research.
Compensation
The expected salary range for this role is $153,600 - $192,000 CAD. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.
Brex LLC is a wholly owned subsidiary of Capital One, N.A.
Please be aware, job-seekers may be at risk of targeting by malicious actors looking for personal data. Brex recruiters will only reach out via LinkedIn or email with a brex.com domain. Any outreach claiming to be from Brex via other sources should be ignored.
Ready to apply?
Apply to Brex
Who we are
At Twilio, we’re shaping the future of communications, all from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.
Our dedication to remote-first work, and strong culture of connection and global inclusion means that no matter your location, you’re part of a vibrant team with diverse experiences making a global impact each day. As we continue to revolutionize how the world interacts, we’re acquiring new skills and experiences that make work feel truly rewarding. Your career at Twilio is in your hands.
We use Artificial Intelligence (AI) to help make our hiring process efficient. That said, every hiring decision is made by real Twilions!
.
See yourself at Twilio
Join the team as Twilio’s next Security Compliance & Regulatory Affairs Analyst
About the job
We are actively recruiting for this role to support Twilio’s global security regulatory program and directly support the SCRA Lead in executing and scaling the company’s regulatory strategy.
This position is responsible for independently owning delegated components of regulatory analysis, triage, normalization, and operationalization of global cybersecurity and telecom regulatory obligations (e.g., NIS 2, TSA UK, Singapore IMDA), while contributing to broader program-level initiatives led by the SCRA Lead.
The role operates with high autonomy and is expected to take ownership of assigned workstreams end-to-end, requiring strong critical thinking, defensible regulatory interpretation, designing and executing cross-functional initiatives, and the ability to operate without detailed instruction.
Responsibilities
In this role, you’ll:
- Support the SCRA Lead in executing Twilio’s global security regulatory strategy, including contributing to program design, prioritization, and long-term regulatory planning
- Independently interpret complex and ambiguous regulatory frameworks (e.g., NIS 2, EU transpositions, TSA UK) and provide structured outputs that support Lead-level strategy and decision-making
- Support the development and maintenance of regulatory repositories and systems of record, ensuring accuracy, traceability, and audit readiness
- Execute and continuously improve the Cyber Regulation Intake & Triage process in partnership with Legal, ensuring consistent classification, routing, and lifecycle tracking of regulatory obligations
- Map regulatory requirements to internal control frameworks (e.g., UCF, ISO 27001, internal standards), identifying gaps and supporting Lead-driven control strategy decisions
- Develop regulator-ready and high-quality artifacts, including evidence mappings, control narratives, risk statements, and audit support documentation
- Identify, analyze, and escalate regulatory risks and audit obligations, supporting proactive planning and risk visibility at the program level
- Partner cross-functionally with Legal, Public Policy, R&D, Security, Product, Sales, and Risk teams, supporting the Lead in aligning regulatory interpretation with technical and business implementation
- Drive execution of process improvements, tooling enhancements, and automation initiatives defined by the SCRA program
- Operate with high ownership and accountability, executing work independently while aligning to strategic direction set by the SCRA Lead
Qualifications
Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
*Required
- Experience: 5–8+ years of experience in security compliance, telecom compliance, regulatory affairs, GRC, or related domain within a global technology, cloud, or telecom environment
- Experience: Experience interpreting and operationalizing security frameworks and regulations (e.g., NIS 2, ISO 27001, SOC 2, telecom regulatory regimes)
- Experience: Experience mapping regulatory requirements to control frameworks, policies, and technical implementations
- Technical Domain Expertise: Broad understanding of security architecture, networking, access control, software development, cryptography, and operations. You should be fluent in how security controls are implemented across applications, systems, and cloud platforms to reduce inherent risk.
- Technical Domain Expertise: Ability to analyze ambiguous regulations / regulatory requirements and produce defensible interpretations to support leadership decision-making
- Communication: Strong written communication skills with ability to produce audit-ready and regulator-defensible documentation
- Stakeholder Partnership: Proven ability to collaborate across Legal, Engineering, Security, Product, Sales, and Risk teams in support of program objectives
- Strategic Mindset: High level of self-sufficiency, critical thinking, and ownership, with ability to execute without detailed instruction
- Adaptability: Demonstrated ability to independently execute and deliver complex workstreams end-to-end, while operating under high-level guidance
- Adaptability: Ability to manage multiple concurrent priorities in a global, fast-evolving regulatory landscape
*Desired:
- Technical Domain Expertise: Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, APIs, and microservices architectures. Experience in the Telecommunications sector (e.g. telecommunications or CPaaS environments involving messaging, voice, network security) highly preferred.
- Familiarity with primary global regulatory regimes (EU, UK, APAC, LATAM)
- Experience working with regulatory repositories, intake/triage workflows, or compliance automation systems
- Experience supporting external audits or regulator engagements
- High-Octane Individual Contributor: You are a self-starter who takes pride in being a "force multiplier." You have a proven ability to produce high-quality, audit-ready deliverables with minimal oversight.
- Master of Multi-Tasking: Exceptional organizational skills with the ability to context-switch effectively, managing a high volume of concurrent projects and emerging regulations without sacrificing depth or accuracy.
- Collaborative Partner: You don't work in a silo. You are skilled at building bridges across Legal, R&D, Security, and IT, ensuring that Security Regulatory Affairs is integrated as a seamless partner
- Efficiency Expert: You are constantly looking for ways to optimize your own output and team processes, turning manual, repetitive tasks into streamlined, automated successes.
- Executive Presence: Ability to distill granular technical findings into concise, high-level summaries that drive decision-making at the leadership level.
Location
This role will be remote and based in Ontario, British Columbia or Alberta, Canada.
Travel
We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.
What We Offer
Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.
The estimated pay ranges for this role are as follows:
- $120,640 - 150,800 CAD
- Target Bonus Percentage: 15%
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.
Twilio thinks big. Do you?
We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.
So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now! If this role isn't what you're looking for, please consider other open positions.
Twilio is proud to be an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.
Ready to apply?
Apply to Twilio
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High-Level Overview
Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.
Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.
What you'll do:
Governance & Policy
- Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
- Support policy exception management, attestation processes, and identify opportunities for process improvement.
Risk Management
- Assist with enterprise risk assessments, including vendor and process-level reviews.
- Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
- Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
Compliance & Audit
- Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
- Assist with evidence gathering, control validation, and auditor engagement.
- Leverage GRC platforms to support audit, privacy, and compliance workflows.
Client Support & Sales Enablement
- Support the sales process by responding to client inquiries related to security, privacy, and compliance.
- Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
- Partner with sales and client success teams to provide timely, accurate responses that build client trust.
Privacy and Regulatory
- Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
- Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
- Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
- Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.
Advisory & Awareness
- Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
- Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
- Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
- Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
What you'll bring:
- 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
- Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
- Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
- Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
- Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
- Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
- Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
- An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
- Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.
Ready to apply?
Apply to Benevity
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High-Level Overview
Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.
Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.
What you'll do:
Governance & Policy
- Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
- Support policy exception management, attestation processes, and identify opportunities for process improvement.
Risk Management
- Assist with enterprise risk assessments, including vendor and process-level reviews.
- Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
- Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
Compliance & Audit
- Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
- Assist with evidence gathering, control validation, and auditor engagement.
- Leverage GRC platforms to support audit, privacy, and compliance workflows.
Client Support & Sales Enablement
- Support the sales process by responding to client inquiries related to security, privacy, and compliance.
- Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
- Partner with sales and client success teams to provide timely, accurate responses that build client trust.
Privacy and Regulatory
- Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
- Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
- Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
- Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.
Advisory & Awareness
- Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
- Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
- Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
- Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
What you'll bring:
- 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
- Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
- Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
- Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
- Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
- Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
- Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
- An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
- Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.
Ready to apply?
Apply to Benevity
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High-Level Overview
Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.
Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.
What you'll do:
Governance & Policy
- Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
- Support policy exception management, attestation processes, and identify opportunities for process improvement.
Risk Management
- Assist with enterprise risk assessments, including vendor and process-level reviews.
- Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
- Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
Compliance & Audit
- Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
- Assist with evidence gathering, control validation, and auditor engagement.
- Leverage GRC platforms to support audit, privacy, and compliance workflows.
Client Support & Sales Enablement
- Support the sales process by responding to client inquiries related to security, privacy, and compliance.
- Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
- Partner with sales and client success teams to provide timely, accurate responses that build client trust.
Privacy and Regulatory
- Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
- Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
- Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
- Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.
Advisory & Awareness
- Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
- Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
- Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
- Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
What you'll bring:
- 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
- Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
- Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
- Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
- Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
- Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
- Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
- An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
- Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.
Ready to apply?
Apply to Benevity
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High-Level Overview
Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.
Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.
What you'll do:
Governance & Policy
- Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
- Support policy exception management, attestation processes, and identify opportunities for process improvement.
Risk Management
- Assist with enterprise risk assessments, including vendor and process-level reviews.
- Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
- Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
Compliance & Audit
- Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
- Assist with evidence gathering, control validation, and auditor engagement.
- Leverage GRC platforms to support audit, privacy, and compliance workflows.
Client Support & Sales Enablement
- Support the sales process by responding to client inquiries related to security, privacy, and compliance.
- Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
- Partner with sales and client success teams to provide timely, accurate responses that build client trust.
Privacy and Regulatory
- Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
- Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
- Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
- Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.
Advisory & Awareness
- Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
- Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
- Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
- Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
What you'll bring:
- 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
- Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
- Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
- Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
- Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
- Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
- Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
- An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
- Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.
Ready to apply?
Apply to Benevity
Role Description
As a Risk & Governance Manager at Dropbox, you will join the Governance, Risk, & Compliance (GRC) team, you will help mature and scale programs that enable Dropbox to make thoughtful, risk-informed decisions. This is a broad, cross-functional role supporting multiple areas of the GRC program, including enterprise risk management, AI governance, business resilience, third-party risk, internal controls, audit readiness, and risk reduction initiatives.
You will partner closely with teams across Security, Privacy, Engineering, Product, Legal, and Compliance to identify, assess, prioritize, and reduce risk across Dropbox’s products, services, and operations. This role is ideal for someone who enjoys working across domains, can bring structure to ambiguous problems, and is comfortable translating complex technical, regulatory, and business considerations into practical governance programs.
Additionally, you will be responsible for implementing programs and controls to help us maintain user trust and adhere to Dropbox’s AI principles and trust policies. You will help both Dropbox and our customers make informed decisions about the use of AI products and services.
Responsibilities
Governance Program Management
- Support the design, implementation, and continuous improvement of Dropbox’s Governance, Risk, and Compliance programs, including quantitative risk management (FAIR), governance, controls, compliance readiness, issue management, and risk reporting.
- Plan and execute risk assessments, gap analyses, certification readiness activities, compliance reviews, and audit support processes across areas such as security, privacy, AI, reliability, third-party services, and operational risk.
- Partner with cross-functional stakeholders to identify risks, assess impact and likelihood, define mitigation plans, assign owners, and track risk reduction efforts through completion.
- Drive risk reduction projects that strengthen Dropbox’s control environment, improve operational maturity, and help teams make risk-informed decisions.
- Coordinate improvements to internal risk management systems, workflows, documentation, reporting, and policies to increase consistency, transparency, and program effectiveness.
- Collaborate with internal and external auditors throughout compliance engagements, including evidence collection, stakeholder coordination, gap remediation, and management reporting.
- Support risk reviews of third-party service providers and help connect third-party findings to broader enterprise risk, compliance, and customer trust objectives.
- Lead or support complex, cross-functional governance initiatives, such as software asset management, control rationalization, audit readiness, or risk remediation programs.
- Play an active role in risk incident readiness and response by helping teams prepare for, mitigate, respond to, recover from, and learn from risk events.
AI Governance
- Help implement, maintain, and mature programs that support Dropbox’s AI governance framework, company AI Principles, legal and regulatory obligations, and customer trust commitments.
- Partner with Product, Engineering, Security, Privacy, Legal, Compliance, and business teams to assess AI use cases and define practical governance requirements for intake, documentation, review, approval, monitoring, and issue remediation.
- Support AI risk assessments that consider security, privacy, transparency, reliability, misuse, bias and fairness, data governance, compliance, and operational risk.
- Translate emerging AI regulatory, ethical, and industry expectations into scalable internal policies, standards, controls, and operating practices.
- Develop metrics, KPIs, dashboards, and reporting to communicate AI governance maturity, risk posture, compliance status, and remediation progress to stakeholders and leadership.
- Provide risk-informed guidance to stakeholders and leadership on AI governance decisions, policy updates, regulatory developments, and responsible AI practices.
Business Resilience and Operational Risk
- Support Dropbox’s business resilience program, including business continuity planning, business impact assessments, tabletop exercises, incident readiness, recovery planning, and after-action reviews.
- Partner with key teams to identify critical services, dependencies, operational risks, continuity requirements, and resilience gaps.
- Drive or support tabletop exercises and scenario-based reviews for key teams, helping document lessons learned, owners, timelines, and follow-up actions.
- Track resilience risks and remediation activities, escalating themes, blockers, and emerging risks to appropriate stakeholders or governance forums.
- Help connect business resilience work to broader risk management, compliance, customer trust, audit readiness, and incident response objectives.
Requirements
- 7+ years of experience building or maintaining risk, governance, compliance, audit, business resilience, security, privacy, or related programs
- Experience at a publicly traded, fast paced SaaS company
- Experience managing and reducing AI, security, privacy, or reliability risks
- Knowledge of FAIR quantitative risk methodologies
- Familiarity with a broad range of technical concepts relevant to cloud computing and SaaS environments: logical access, agile development process, security architecture, information security, network security, and privacy
- Strong project management and organizational skills
- Collaborative working style and strong relationship-building skills, with the ability to work effectively with both technical and non-technical teams
- Excellent writing, communication, organizational skills, and strong attention to detail
- Ability to confidently convey nuanced information to senior leaders
- Related professional certifications such as AIGP (AI Governance Professional) or CIPP (Certified Information Privacy Professional) preferred
Preferred Qualifications
- Deep subject matter knowledge in AI governance, security, privacy, or reliability risk, i.e. sufficient technical knowledge to have effective conversations with Dropbox engineers
- Self starter and ability to navigate ambiguity, proven history of owning and delivering a project end-to-end, has strong Executive presence
- Experience completing complex cross-functional projects that can turn into self-sustaining programs as part of a risk team
Compensation
US Zone 1
This role is not available in Zone 1
Ready to apply?
Apply to Dropbox
Role Description
As a Risk & Governance Manager at Dropbox, you will join the Governance, Risk, & Compliance (GRC) team, you will help mature and scale programs that enable Dropbox to make thoughtful, risk-informed decisions. This is a broad, cross-functional role supporting multiple areas of the GRC program, including enterprise risk management, AI governance, business resilience, third-party risk, internal controls, audit readiness, and risk reduction initiatives.
You will partner closely with teams across Security, Privacy, Engineering, Product, Legal, and Compliance to identify, assess, prioritize, and reduce risk across Dropbox’s products, services, and operations. This role is ideal for someone who enjoys working across domains, can bring structure to ambiguous problems, and is comfortable translating complex technical, regulatory, and business considerations into practical governance programs.
Additionally, you will be responsible for implementing programs and controls to help us maintain user trust and adhere to Dropbox’s AI principles and trust policies. You will help both Dropbox and our customers make informed decisions about the use of AI products and services.
Responsibilities
Governance Program Management
- Support the design, implementation, and continuous improvement of Dropbox’s Governance, Risk, and Compliance programs, including quantitative risk management (FAIR), governance, controls, compliance readiness, issue management, and risk reporting.
- Plan and execute risk assessments, gap analyses, certification readiness activities, compliance reviews, and audit support processes across areas such as security, privacy, AI, reliability, third-party services, and operational risk.
- Partner with cross-functional stakeholders to identify risks, assess impact and likelihood, define mitigation plans, assign owners, and track risk reduction efforts through completion.
- Drive risk reduction projects that strengthen Dropbox’s control environment, improve operational maturity, and help teams make risk-informed decisions.
- Coordinate improvements to internal risk management systems, workflows, documentation, reporting, and policies to increase consistency, transparency, and program effectiveness.
- Collaborate with internal and external auditors throughout compliance engagements, including evidence collection, stakeholder coordination, gap remediation, and management reporting.
- Support risk reviews of third-party service providers and help connect third-party findings to broader enterprise risk, compliance, and customer trust objectives.
- Lead or support complex, cross-functional governance initiatives, such as software asset management, control rationalization, audit readiness, or risk remediation programs.
- Play an active role in risk incident readiness and response by helping teams prepare for, mitigate, respond to, recover from, and learn from risk events.
AI Governance
- Help implement, maintain, and mature programs that support Dropbox’s AI governance framework, company AI Principles, legal and regulatory obligations, and customer trust commitments.
- Partner with Product, Engineering, Security, Privacy, Legal, Compliance, and business teams to assess AI use cases and define practical governance requirements for intake, documentation, review, approval, monitoring, and issue remediation.
- Support AI risk assessments that consider security, privacy, transparency, reliability, misuse, bias and fairness, data governance, compliance, and operational risk.
- Translate emerging AI regulatory, ethical, and industry expectations into scalable internal policies, standards, controls, and operating practices.
- Develop metrics, KPIs, dashboards, and reporting to communicate AI governance maturity, risk posture, compliance status, and remediation progress to stakeholders and leadership.
- Provide risk-informed guidance to stakeholders and leadership on AI governance decisions, policy updates, regulatory developments, and responsible AI practices.
Business Resilience and Operational Risk
- Support Dropbox’s business resilience program, including business continuity planning, business impact assessments, tabletop exercises, incident readiness, recovery planning, and after-action reviews.
- Partner with key teams to identify critical services, dependencies, operational risks, continuity requirements, and resilience gaps.
- Drive or support tabletop exercises and scenario-based reviews for key teams, helping document lessons learned, owners, timelines, and follow-up actions.
- Track resilience risks and remediation activities, escalating themes, blockers, and emerging risks to appropriate stakeholders or governance forums.
- Help connect business resilience work to broader risk management, compliance, customer trust, audit readiness, and incident response objectives.
Requirements
- 7+ years of experience building or maintaining risk, governance, compliance, audit, business resilience, security, privacy, or related programs
- Experience at a publicly traded, fast paced SaaS company
- Experience managing and reducing AI, security, privacy, or reliability risks
- Knowledge of FAIR quantitative risk methodologies
- Familiarity with a broad range of technical concepts relevant to cloud computing and SaaS environments: logical access, agile development process, security architecture, information security, network security, and privacy
- Strong project management and organizational skills
- Collaborative working style and strong relationship-building skills, with the ability to work effectively with both technical and non-technical teams
- Excellent writing, communication, organizational skills, and strong attention to detail
- Ability to confidently convey nuanced information to senior leaders
- Related professional certifications such as AIGP (AI Governance Professional) or CIPP (Certified Information Privacy Professional) preferred
Preferred Qualifications
- Deep subject matter knowledge in AI governance, security, privacy, or reliability risk, i.e. sufficient technical knowledge to have effective conversations with Dropbox engineers
- Self starter and ability to navigate ambiguity, proven history of owning and delivering a project end-to-end, has strong Executive presence
- Experience completing complex cross-functional projects that can turn into self-sustaining programs as part of a risk team
Compensation
Ready to apply?
Apply to Dropbox
Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy.
We are seeking a Principal Technical Risk Analyst to lead and mature Toast’s Technical Risk Program. This role will report to the Sr. Director of Technical Governance, Risk, & Compliance and is part of the Information Security Organization. This is a high-impact, senior individual contributor role responsible for owning the end-to-end cyber risk management program, including risk identification, assessment, reporting, and integration into enterprise risk and leadership decision-making. This role is not about maintaining a process — it is about building, operationalizing, and leading a program that drives real business decisions and outcomes.
You will partner closely with:
- Enterprise Risk Management (ERM)
- Security Engineering, Infrastructure, and Product teams
- Technical Compliance and Governance teams
- Senior leadership and executive forums
You will play a key role in advancing and scaling our Technical Risk program, further strengthening our data-driven approach to risk management and enabling informed, timely decision-making across the business.
A day in the life (Responsibilities)
Own and Lead the Technical Risk Program
- Own the end-to-end cyber risk lifecycle: risk identification, assessment, prioritization, mitigation tracking, and reporting
- Establish and operationalize a scalable risk operating model (risk discovery → intake → assessment → reporting → monitoring)
- Ensure the program operates with a predictable cadence, clear ownership, and strong execution rigor
- Drive adoption of the program across Security, Product, Engineering, and Infrastructure teams
Lead Technical Risk Management Across the Lifecycle
- Lead the end-to-end technical risk management lifecycle through close partnership with cross-functional stakeholders
- Establish and scale risk discovery mechanisms, including:
- Stakeholder engagement across Engineering, Product, Infrastructure, and Security
- Inputs from audits, incidents, assessments, and external signals
- Ensure continuous identification and prioritization of emerging and high-impact risks
- Translate technical issues into clear, business-relevant risk narratives
- Act as a trusted partner and challenger, influencing stakeholders to drive timely risk mitigation and resolution
Drive Risk Program Maturity and Transformation
- Lead the evolution of the technical risk program to support scale, consistency, and improved visibility In partnership with ERM, operate within, suggest enhancements to, and manage the following:
- Risk taxonomy and classification models
- Risk assessment and prioritization frameworks
- Risk-to-control mapping (linking risks to the controls and a Common Controls Framework)
- Own and evolve the use of Optro (fka AuditBoard) RiskOversight as the system of record
- Improve data quality, reporting capabilities, and workflow scalability
- Operationalize the program within AuditBoard RiskOversight (Optro) as the system of record
- Build scalable processes that enable automation, reporting, and AI use cases
Enable Risk Governance and Decision Making Through Risk Insights
- Develop and deliver clear, executive-ready risk reporting and dashboards
- Manage and lead the Technical Risk Subcommittee and related governance forums:
- Prepare committee materials to ensure meetings are structured, actionable, and decision-oriented
- Clearly articulate risks, impacts, and recommended actions
- Provide leadership with:
- Visibility into top risks, mitigation plan progress, and trends
- Clear trade-offs and prioritization inputs
- Partner with Enterprise Risk Management (ERM) to align on risk taxonomy, reporting, and governance
Communicate, report, and escalate upward to the Enterprise Risk and Compliance Committee (ERCC)
What you'll need to thrive (Requirements)
Core Experience
- 8–12+ years of experience in Technical Risk, Security GRC, ERM, or related fields
- Proven experience owning and leading a technical/cyber risk program
- Strong understanding of:
- Cybersecurity domains (cloud, infrastructure, IAM, application security)
- Risk frameworks (NIST CSF, ISO 27001, etc.)
- Experience operating in high-growth, complex, cloud-based environments
Program Leadership & Execution
- Demonstrated ability to:
- Build and operationalize programs from 0 → 1 and 1 → scale
- Drive predictable execution cadence and rigor
- Translate ambiguity into structured, executable plans
- Strong program management discipline (planning, tracking, follow-through)
Risk & Analytical Thinking
- Ability to:
- Translate technical issues into clear risk narratives and business impact
- Prioritize risks based on impact and likelihood
- Drive data-informed decision-making
Communication & Influence
- Exceptional communication skills:
- Executive-ready written and verbal communication
- Ability to structure updates: What / So What / Now What / Decision Needed
- Proven ability to influence:
- Senior stakeholders
- Cross-functional teams without direct authority
Tooling & Systems
- Experience with GRC tools such as:
- Optro (fka AuditBoard-preferred), ServiceNow GRC, Workiva, etc.
- Ability to:
- Drive tool adoption and configuration
- Translate business processes into scalable system workflows
Special Sauce or Bonus Ingredients (Nice-to-Haves)
- Experience integrating technical risk into ERM programs
- Experience building risk dashboards, metrics, and reporting frameworks
- Familiarity with automation, AI, or data-driven GRC approaches
- Relevant certifications (CISSP, CISM, CISA, CRISC)
AI at Toast
At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.
Our Total Rewards Philosophy
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.
#LI-Remote
The base salary range for this role is listed below. The starting salary will be determined based on skills, experience, and geographic location. In addition to base salary, our total rewards components include cash compensation (overtime, bonus/commissions if eligible), equity, and benefits.
How Toast Uses AI in its Hiring Process
Throughout the hiring process, our goal is to get to know you. We use AI tools to support our recruiters and interviewers with tasks like note-taking, summarization, and documentation of interviews to ensure they can be fully focused on your conversation. All hiring decisions are made by people. To learn more: https://careers.toasttab.com/ai-in-hiring
Diversity, Equity, and Inclusion is Baked into our Recipe for Success
At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.
We Thrive Together
We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out: https://careers.toasttab.com/locations-toast.
Apply today!
Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.
------
For roles in the United States, it is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Ready to apply?
Apply to Toast
Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy.
We are seeking a Principal Technical Risk Analyst to lead and mature Toast’s Technical Risk Program. This role will report to the Sr. Director of Technical Governance, Risk, & Compliance and is part of the Information Security Organization. This is a high-impact, senior individual contributor role responsible for owning the end-to-end cyber risk management program, including risk identification, assessment, reporting, and integration into enterprise risk and leadership decision-making. This role is not about maintaining a process — it is about building, operationalizing, and leading a program that drives real business decisions and outcomes.
You will partner closely with:
- Enterprise Risk Management (ERM)
- Security Engineering, Infrastructure, and Product teams
- Technical Compliance and Governance teams
- Senior leadership and executive forums
You will play a key role in advancing and scaling our Technical Risk program, further strengthening our data-driven approach to risk management and enabling informed, timely decision-making across the business.
A day in the life (Responsibilities)
Own and Lead the Technical Risk Program
- Own the end-to-end cyber risk lifecycle: risk identification, assessment, prioritization, mitigation tracking, and reporting
- Establish and operationalize a scalable risk operating model (risk discovery → intake → assessment → reporting → monitoring)
- Ensure the program operates with a predictable cadence, clear ownership, and strong execution rigor
- Drive adoption of the program across Security, Product, Engineering, and Infrastructure teams
Lead Technical Risk Management Across the Lifecycle
- Lead the end-to-end technical risk management lifecycle through close partnership with cross-functional stakeholders
- Establish and scale risk discovery mechanisms, including:
- Stakeholder engagement across Engineering, Product, Infrastructure, and Security
- Inputs from audits, incidents, assessments, and external signals
- Ensure continuous identification and prioritization of emerging and high-impact risks
- Translate technical issues into clear, business-relevant risk narratives
- Act as a trusted partner and challenger, influencing stakeholders to drive timely risk mitigation and resolution
Drive Risk Program Maturity and Transformation
- Lead the evolution of the technical risk program to support scale, consistency, and improved visibility In partnership with ERM, operate within, suggest enhancements to, and manage the following:
- Risk taxonomy and classification models
- Risk assessment and prioritization frameworks
- Risk-to-control mapping (linking risks to the controls and a Common Controls Framework)
- Own and evolve the use of Optro (fka AuditBoard) RiskOversight as the system of record
- Improve data quality, reporting capabilities, and workflow scalability
- Operationalize the program within AuditBoard RiskOversight (Optro) as the system of record
- Build scalable processes that enable automation, reporting, and AI use cases
Enable Risk Governance and Decision Making Through Risk Insights
- Develop and deliver clear, executive-ready risk reporting and dashboards
- Manage and lead the Technical Risk Subcommittee and related governance forums:
- Prepare committee materials to ensure meetings are structured, actionable, and decision-oriented
- Clearly articulate risks, impacts, and recommended actions
- Provide leadership with:
- Visibility into top risks, mitigation plan progress, and trends
- Clear trade-offs and prioritization inputs
- Partner with Enterprise Risk Management (ERM) to align on risk taxonomy, reporting, and governance
Communicate, report, and escalate upward to the Enterprise Risk and Compliance Committee (ERCC)
What you'll need to thrive (Requirements)
Core Experience
- 8–12+ years of experience in Technical Risk, Security GRC, ERM, or related fields
- Proven experience owning and leading a technical/cyber risk program
- Strong understanding of:
- Cybersecurity domains (cloud, infrastructure, IAM, application security)
- Risk frameworks (NIST CSF, ISO 27001, etc.)
- Experience operating in high-growth, complex, cloud-based environments
Program Leadership & Execution
- Demonstrated ability to:
- Build and operationalize programs from 0 → 1 and 1 → scale
- Drive predictable execution cadence and rigor
- Translate ambiguity into structured, executable plans
- Strong program management discipline (planning, tracking, follow-through)
Risk & Analytical Thinking
- Ability to:
- Translate technical issues into clear risk narratives and business impact
- Prioritize risks based on impact and likelihood
- Drive data-informed decision-making
Communication & Influence
- Exceptional communication skills:
- Executive-ready written and verbal communication
- Ability to structure updates: What / So What / Now What / Decision Needed
- Proven ability to influence:
- Senior stakeholders
- Cross-functional teams without direct authority
Tooling & Systems
- Experience with GRC tools such as:
- Optro (fka AuditBoard-preferred), ServiceNow GRC, Workiva, etc.
- Ability to:
- Drive tool adoption and configuration
- Translate business processes into scalable system workflows
Special Sauce or Bonus Ingredients (Nice-to-Haves)
- Experience integrating technical risk into ERM programs
- Experience building risk dashboards, metrics, and reporting frameworks
- Familiarity with automation, AI, or data-driven GRC approaches
- Relevant certifications (CISSP, CISM, CISA, CRISC)
AI at Toast
At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.
Our Total Rewards Philosophy
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.
#LI-Remote
The base salary range for this role is listed below. The starting salary will be determined based on skills, experience, and geographic location. In addition to base salary, our total rewards components include cash compensation (overtime, bonus/commissions if eligible), equity, and benefits. You can learn more about how we align pay with local labor markets in our Geographic Pay Zone Philosophy.
How Toast Uses AI in its Hiring Process
Throughout the hiring process, our goal is to get to know you. We use AI tools to support our recruiters and interviewers with tasks like note-taking, summarization, and documentation of interviews to ensure they can be fully focused on your conversation. All hiring decisions are made by people. To learn more: https://careers.toasttab.com/ai-in-hiring
Diversity, Equity, and Inclusion is Baked into our Recipe for Success
At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.
We Thrive Together
We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out: https://careers.toasttab.com/locations-toast.
Apply today!
Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.
------
For roles in the United States, it is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Ready to apply?
Apply to Toast
Senior GRC Analyst
Share this job
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High-Level Overview
Benevity is seeking a Senior Governance, Risk & Compliance (GRC) Analyst to elevate our security governance, risk, privacy, and regulatory posture. In this senior role, you will drive the execution, innovation, and continuous improvement of Benevity’s GRC program. You will lead compliance activities, conduct risk assessments, contribute to third-party risk management, respond to client due diligence requests, support FINTRAC/AML obligations, and influence policies and controls that strengthen trust with our clients, partners, and stakeholders.
As a trusted advisor across teams, you will help ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements while fostering a culture of security, compliance, and accountability. You’ll also mentor junior members of the team, helping to grow Benevity’s next generation of security and compliance professionals, with a focus on developing proactive and innovative approaches to GRC challenges.
What you'll do:
Governance & Policy
- Contribute to the development, maintenance, and rollout of security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
- Support policy approval, exception management, and attestation processes, actively seeking opportunities for process improvement and automation
Risk Management
- Lead and execute enterprise-wide risk assessments, including vendor and process-level reviews.
- Maintain and improve the risk register, track remediation activities, and support risk treatment planning.
- Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
Compliance & Audit
- Lead audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
- Coordinate evidence gathering, control validation, and auditor engagement.
- Leverage GRC platforms to streamline audit, privacy, and compliance workflows.
Client Support & Sales Enablement
- Support the sales process by responding to client inquiries related to security, privacy, and compliance.
- Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
- Partner with sales and client success teams to provide timely, accurate responses that build client trust.
Privacy and Regulatory
- Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
- Collaborate with legal and data governance teams to ensure compliance with data protection and financial crime regulations.
- Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
- Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.
Advisory, Awareness & Mentorship
- Partner with business and technical teams to embed risk and compliance into projects and initiatives.
- Deliver reporting and insights (dashboards, risk metrics, executive summaries) for leadership.
- Lead Benevity’s Security Awareness & Training program, including the design, delivery, and continuous improvement of awareness campaigns, training modules, and phishing simulations.
- Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
- Mentor and coach junior team members, providing guidance, feedback, and knowledge sharing to support their growth and development.
What you'll bring:
- 5+ years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or high-growth environment.
- Strong knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and CCPA/CPRA.
- Hands-on experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to manage policies, risks, audits, privacy, and vendor risk workflows.
- Proven success in conducting risk assessments, managing vendor risk/TPRM, maintaining risk registers, and driving remediation.
- Experience supporting client due diligence processes (security questionnaires, RFPs, TPRM).
- Ability to clearly communicate risk, security, privacy, and regulatory concepts to both technical and non-technical stakeholders.
- Strong organizational and project management skills with experience leading cross-functional initiatives.
- A demonstrated interest and track record in leveraging automation and AI to streamline GRC processes and enhance efficiency.
- Certifications such as CISM, CRISC, CISSP, CISA, or CIPM/CIPP are highly valued.
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.
Ready to apply?
Apply to Benevity
Principal Information Security Analyst
Share this job
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High Level Role Overview
Benevity is looking for a Principal Information Security Analyst to join our Security Operations team. In this senior-level role, you will provide technical leadership and operational oversight across a team of analysts responsible for threat detection, alert triage, incident response, and vulnerability management.
This role is ideal for someone with deep hands-on experience in security operations who is also energized by the opportunity to work alongside AI. We are actively integrating AI tools into our SecOps practice to accelerate triage, investigation, detection engineering, and analyst productivity, and this role will play a meaningful part in shaping how we do that. You should be comfortable navigating AI tools, building your own skills with them, identifying practical use cases, and partnering with the team to put them into production.
You will serve as both a senior escalation point and a coach, helping elevate the team's ability to respond to threats in a cloud-native environment while modernizing how the work gets done.
What you'll do:
- Lead daily Security Operations workflows, including triage, escalation, and resolution of alerts from core security tooling such as EDR, WAF, CSPM, SIEM, and cloud-native platforms
- Lead and coordinate security incident response across the full lifecycle, from detection and containment through eradication, recovery, and lessons learned, serving as incident commander for significant events
- Drive and oversee the triage, investigation, and resolution of alerts generated across all security tooling, not just those escalated by the MDR provider
- Act as the technical lead and escalation point for Managed Detection and Response (MDR) activities, ensuring timely review and validation of escalated alerts
- Identify, evaluate, and operationalize AI-assisted approaches to SecOps work, including AI-augmented triage, investigation, summarization, detection engineering, and reporting
- Build your own fluency with AI tooling and help the broader team develop the same skills, sharing patterns that work and being honest about ones that don't
- Apply a healthy degree of skepticism to AI outputs, validating findings and helping the team understand where AI assists the work and where human judgment still owns the decision
- Develop and continuously refine incident response processes, detection logic, and triage playbooks to improve clarity and effectiveness
- Oversee the vulnerability management lifecycle, ensuring timely identification, prioritization, remediation tracking, and stakeholder coordination
- Collaborate with GRC, Product Security, DevOps, and Infrastructure teams to improve detection coverage, alert fidelity, and log quality
- Partner with our Senior Fraud Analyst on cross-functional investigations where fraud and cyber threats intersect, contributing SecOps expertise without owning the fraud function day-to-day
- Serve as a subject matter expert in cloud-native security operations with strong understanding of containerized and API-driven environments
- Support the development, tracking, and reporting of KPIs and metrics to measure and improve team performance
- Conduct post-incident reviews and root-cause analysis, driving preventive control enhancements
- Mentor junior and mid-level analysts, providing feedback, coaching, and opportunities for growth
What you'll bring:
- 7+ years of experience in information security or security operations, with at least 2 years in a team lead or senior analyst capacity
- Proven experience triaging and responding to alerts across a broad suite of tools including CSPM, WAF, EDR, SIEM, and cloud-native logging platforms
- Familiarity with MDR service models and hands-on experience validating escalated alerts
- Hands-on experience leading security incident response, including acting as incident commander, coordinating cross-functional responders, managing communications, and producing post-incident artifacts
- Practical experience using AI tools in a security or technical context, with a clear point of view on where they add value, where they fall short, and how to get them production-ready
- Curiosity and willingness to keep building AI skills as the tooling evolves, and an interest in helping teammates do the same
- Awareness of the security considerations that come with using AI tools in a SecOps environment (data handling, prompt hygiene, output validation)
- Demonstrated ability to work independently, while recognizing when to seek input or escalate appropriately
- Strong critical thinking and communication skills with the ability to analyze complex data, challenge assumptions, and drive resolution
- Experience developing or refining operational playbooks, triage guides, and incident workflows
- Deep understanding of cloud security best practices, threat detection, and modern attacker tactics, techniques, and procedures
- Familiarity with common security frameworks such as NIST CSF, CIS Controls, and ISO 27001
- A strong sense of ownership and accountability, with the ability to act as a self-starter who can lead initiatives from concept to completion
- Demonstrated ability to collaborate across technical and non-technical teams to drive effective outcomes
- Experience fostering a positive and inclusive team environment, with a focus on team building, talent development, and shared success
- A passion for teaching and mentoring others, helping team members grow their skills and confidence
- Preferred certifications include GCIH, GCFA, OSCP, or CISSP
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.
Ready to apply?
Apply to Benevity
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High Level Role Overview
Benevity is looking for a Principal Information Security Analyst to join our Security Operations team. In this senior-level role, you will provide technical leadership and operational oversight across a team of analysts responsible for threat detection, alert triage, incident response, and vulnerability management.
This role is ideal for someone with deep hands-on experience in security operations who is also energized by the opportunity to work alongside AI. We are actively integrating AI tools into our SecOps practice to accelerate triage, investigation, detection engineering, and analyst productivity, and this role will play a meaningful part in shaping how we do that. You should be comfortable navigating AI tools, building your own skills with them, identifying practical use cases, and partnering with the team to put them into production.
You will serve as both a senior escalation point and a coach, helping elevate the team's ability to respond to threats in a cloud-native environment while modernizing how the work gets done.
What you'll do:
- Lead daily Security Operations workflows, including triage, escalation, and resolution of alerts from core security tooling such as EDR, WAF, CSPM, SIEM, and cloud-native platforms
- Lead and coordinate security incident response across the full lifecycle, from detection and containment through eradication, recovery, and lessons learned, serving as incident commander for significant events
- Drive and oversee the triage, investigation, and resolution of alerts generated across all security tooling, not just those escalated by the MDR provider
- Act as the technical lead and escalation point for Managed Detection and Response (MDR) activities, ensuring timely review and validation of escalated alerts
- Identify, evaluate, and operationalize AI-assisted approaches to SecOps work, including AI-augmented triage, investigation, summarization, detection engineering, and reporting
- Build your own fluency with AI tooling and help the broader team develop the same skills, sharing patterns that work and being honest about ones that don't
- Apply a healthy degree of skepticism to AI outputs, validating findings and helping the team understand where AI assists the work and where human judgment still owns the decision
- Develop and continuously refine incident response processes, detection logic, and triage playbooks to improve clarity and effectiveness
- Oversee the vulnerability management lifecycle, ensuring timely identification, prioritization, remediation tracking, and stakeholder coordination
- Collaborate with GRC, Product Security, DevOps, and Infrastructure teams to improve detection coverage, alert fidelity, and log quality
- Partner with our Senior Fraud Analyst on cross-functional investigations where fraud and cyber threats intersect, contributing SecOps expertise without owning the fraud function day-to-day
- Serve as a subject matter expert in cloud-native security operations with strong understanding of containerized and API-driven environments
- Support the development, tracking, and reporting of KPIs and metrics to measure and improve team performance
- Conduct post-incident reviews and root-cause analysis, driving preventive control enhancements
- Mentor junior and mid-level analysts, providing feedback, coaching, and opportunities for growth
What you'll bring:
- 7+ years of experience in information security or security operations, with at least 2 years in a team lead or senior analyst capacity
- Proven experience triaging and responding to alerts across a broad suite of tools including CSPM, WAF, EDR, SIEM, and cloud-native logging platforms
- Familiarity with MDR service models and hands-on experience validating escalated alerts
- Hands-on experience leading security incident response, including acting as incident commander, coordinating cross-functional responders, managing communications, and producing post-incident artifacts
- Practical experience using AI tools in a security or technical context, with a clear point of view on where they add value, where they fall short, and how to get them production-ready
- Curiosity and willingness to keep building AI skills as the tooling evolves, and an interest in helping teammates do the same
- Awareness of the security considerations that come with using AI tools in a SecOps environment (data handling, prompt hygiene, output validation)
- Demonstrated ability to work independently, while recognizing when to seek input or escalate appropriately
- Strong critical thinking and communication skills with the ability to analyze complex data, challenge assumptions, and drive resolution
- Experience developing or refining operational playbooks, triage guides, and incident workflows
- Deep understanding of cloud security best practices, threat detection, and modern attacker tactics, techniques, and procedures
- Familiarity with common security frameworks such as NIST CSF, CIS Controls, and ISO 27001
- A strong sense of ownership and accountability, with the ability to act as a self-starter who can lead initiatives from concept to completion
- Demonstrated ability to collaborate across technical and non-technical teams to drive effective outcomes
- Experience fostering a positive and inclusive team environment, with a focus on team building, talent development, and shared success
- A passion for teaching and mentoring others, helping team members grow their skills and confidence
- Preferred certifications include GCIH, GCFA, OSCP, or CISSP
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.
Ready to apply?
Apply to Benevity
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High Level Role Overview
Benevity is looking for a Principal Information Security Analyst to join our Security Operations team. In this senior-level role, you will provide technical leadership and operational oversight across a team of analysts responsible for threat detection, alert triage, incident response, and vulnerability management.
This role is ideal for someone with deep hands-on experience in security operations who is also energized by the opportunity to work alongside AI. We are actively integrating AI tools into our SecOps practice to accelerate triage, investigation, detection engineering, and analyst productivity, and this role will play a meaningful part in shaping how we do that. You should be comfortable navigating AI tools, building your own skills with them, identifying practical use cases, and partnering with the team to put them into production.
You will serve as both a senior escalation point and a coach, helping elevate the team's ability to respond to threats in a cloud-native environment while modernizing how the work gets done.
What you'll do:
- Lead daily Security Operations workflows, including triage, escalation, and resolution of alerts from core security tooling such as EDR, WAF, CSPM, SIEM, and cloud-native platforms
- Lead and coordinate security incident response across the full lifecycle, from detection and containment through eradication, recovery, and lessons learned, serving as incident commander for significant events
- Drive and oversee the triage, investigation, and resolution of alerts generated across all security tooling, not just those escalated by the MDR provider
- Act as the technical lead and escalation point for Managed Detection and Response (MDR) activities, ensuring timely review and validation of escalated alerts
- Identify, evaluate, and operationalize AI-assisted approaches to SecOps work, including AI-augmented triage, investigation, summarization, detection engineering, and reporting
- Build your own fluency with AI tooling and help the broader team develop the same skills, sharing patterns that work and being honest about ones that don't
- Apply a healthy degree of skepticism to AI outputs, validating findings and helping the team understand where AI assists the work and where human judgment still owns the decision
- Develop and continuously refine incident response processes, detection logic, and triage playbooks to improve clarity and effectiveness
- Oversee the vulnerability management lifecycle, ensuring timely identification, prioritization, remediation tracking, and stakeholder coordination
- Collaborate with GRC, Product Security, DevOps, and Infrastructure teams to improve detection coverage, alert fidelity, and log quality
- Partner with our Senior Fraud Analyst on cross-functional investigations where fraud and cyber threats intersect, contributing SecOps expertise without owning the fraud function day-to-day
- Serve as a subject matter expert in cloud-native security operations with strong understanding of containerized and API-driven environments
- Support the development, tracking, and reporting of KPIs and metrics to measure and improve team performance
- Conduct post-incident reviews and root-cause analysis, driving preventive control enhancements
- Mentor junior and mid-level analysts, providing feedback, coaching, and opportunities for growth
What you'll bring:
- 7+ years of experience in information security or security operations, with at least 2 years in a team lead or senior analyst capacity
- Proven experience triaging and responding to alerts across a broad suite of tools including CSPM, WAF, EDR, SIEM, and cloud-native logging platforms
- Familiarity with MDR service models and hands-on experience validating escalated alerts
- Hands-on experience leading security incident response, including acting as incident commander, coordinating cross-functional responders, managing communications, and producing post-incident artifacts
- Practical experience using AI tools in a security or technical context, with a clear point of view on where they add value, where they fall short, and how to get them production-ready
- Curiosity and willingness to keep building AI skills as the tooling evolves, and an interest in helping teammates do the same
- Awareness of the security considerations that come with using AI tools in a SecOps environment (data handling, prompt hygiene, output validation)
- Demonstrated ability to work independently, while recognizing when to seek input or escalate appropriately
- Strong critical thinking and communication skills with the ability to analyze complex data, challenge assumptions, and drive resolution
- Experience developing or refining operational playbooks, triage guides, and incident workflows
- Deep understanding of cloud security best practices, threat detection, and modern attacker tactics, techniques, and procedures
- Familiarity with common security frameworks such as NIST CSF, CIS Controls, and ISO 27001
- A strong sense of ownership and accountability, with the ability to act as a self-starter who can lead initiatives from concept to completion
- Demonstrated ability to collaborate across technical and non-technical teams to drive effective outcomes
- Experience fostering a positive and inclusive team environment, with a focus on team building, talent development, and shared success
- A passion for teaching and mentoring others, helping team members grow their skills and confidence
- Preferred certifications include GCIH, GCFA, OSCP, or CISSP
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.
Ready to apply?
Apply to Benevity
Customer Success Manager II
Share this job
The Customer Success Manager II is responsible for driving long-term success and growth across a strategic portfolio of enterprise customers. This role serves as the primary business partner and trusted advisor to senior stakeholders, ensuring an exceptional customer experience, strong net revenue retention, high product adoption, and advocacy.
As the key point of contact for Diligent’s solutions, the CSM II leads proactive account management, orchestrates cross-functional resources, and partners closely with Sales and Services to deliver measurable outcomes and expand our footprint within each account.
Key Responsibilities
- Own a portfolio of enterprise accounts with accountability for renewal, net revenue retention, and expansion, leveraging data and insights to proactively manage risk and opportunity.
- Drive product adoption and value realization by developing and executing customer success plans aligned to the customer’s strategic objectives and key outcomes.
- Deliver a best-in-class customer experience across all phases of the customer lifecycle, from onboarding through renewal, coordinating with Implementation, Professional Services, Support, Product, and other internal teams.
- Lead executive-level engagements, including QBRs/EBRs and strategic reviews with C-suite, board administrators, and senior directors, to demonstrate ROI, influence adoption, and surface new opportunities.
- Identify, qualify, and partner on expansion opportunities in close collaboration with the Expansion Sales team, ensuring smooth handoffs, aligned account strategies, and clear growth plans.
- Facilitate successful onboarding and rollout of Diligent products and modules, working alongside the Implementation team to ensure stakeholder alignment, training, and effective change management.
- Build and maintain strong, multi-threaded relationships with key business and technical stakeholders, becoming a trusted advisor who understands their governance, risk, compliance, and operational priorities.
- Act as the voice of the customer internally, providing structured feedback and insights to Product, Marketing, Services, and Operations to influence roadmap and process improvements.
- Monitor account health and usage leveraging dashboards and analytics, intervening early to address risks, drive adoption, and reinforce value.
- Champion customer advocacy, by identifying referenceable customers, case study opportunities, testimonials, and participation in user groups or events.
- Collaborate on process and playbook improvements within the Customer Success organization to drive consistency, scalability, and excellence in how we serve enterprise customers.
Required Experience & Skills
- 5+ years of professional experience, including 2–4+ years in Customer Success, Account Management, or a similar client-facing role within B2B SaaS.
- Proven experience managing mid-market and/or enterprise accounts, with comfort engaging senior and executive stakeholders (Director, VP, C‑Suite).
- Demonstrated track record of meeting or exceeding renewal, retention, and expansion targets.
- Strong experience using CRM tools (preferably Salesforce) to manage accounts, opportunities, and customer health activities.
- Excellent communication and presentation skills, able to translate complex concepts into clear, compelling narratives for multiple stakeholder groups.
- Strong consultative and problem-solving skills, with a natural curiosity about the customer’s business, use cases, and success metrics.
- High level of resilience, ownership, and accountability, with the ability to navigate ambiguity and manage competing priorities across a large book of business.
- Passion for technology and a solution-centric mindset, with the ability to quickly learn new products and articulate their business value.
- Strong organizational skills and attention to detail, with experience managing multiple customers, projects, and deadlines simultaneously.
Preferred Qualifications
- Experience in governance, risk, compliance, legal, or adjacent enterprise software environments is a plus.
- Background working in a matrixed, global organization with cross-functional partners across time zones.
- Familiarity with customer success platforms and data-driven approaches to managing account health and adoption.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
Governance, Risk, & Compliance Program Manager
Share this job
Role Description
As a Compliance Program Manager on the Governance, Risk, & Compliance team, you will play a crucial role in building Compliance across our product set.
Protecting Dropbox and our users is critical to being worthy of trust. As a Compliance Program Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, including Engineering, Product, Design, and Sales, in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.
If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.
Responsibilities
- Promote and foster a culture of trust within and outside of Dropbox.
- Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks, especially AI-specific standards/frameworks
- Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs.
- Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches and leveraging automation and AI-enabled processes
- Facilitate ongoing AI Governance, Risk and Compliance initiatives and monitor control effectiveness.
- Collaborate with internal teams and external auditors throughout compliance assessments.
- Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions.
- Drive automation efforts across the Compliance function via the AI-enabled GRC automation tools
- Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives.
- Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps.
- Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary
Requirements
- 4+ years of experience building or maintaining programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
- Independently executes and manages projects with high-level direction from a manager
- Consistently utilize AI tools to enhance workflows, evaluate outputs with critical judgment, and help others adopt tools where appropriate.
- Experience facilitating or being the subject of SOC, ISO, HIPAA and/or PCI audits at a fast-paced technology company, public accounting firm, or similar environment
- Experience partnering with Engineering, Product, & Development teams to define compliance needs in a multi-product environment
- Moderate familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
- Experience with implementing compliance programs for emerging new products, including AI enabled products
- Moderate understanding of cloud-based technologies and their implications for governance, risk, and compliance, with a focus on AI compliance needs
- Strong project management and organizational skills - must drive your own projects to completion with high-level direction from a manager, while also fostering collaboration and bringing teams together to achieve common objectives.
- Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
- Excellent writing, communication, and organizational skills - strong attention to detail
- Passion to aim higher and develop new skills
- CISA, CISSP, CCSK, CIPP, or other professional certifications/associations required
Preferred Qualifications
- Experience in scaling compliance programs in high-growth technology company
Compensation
US Zone 1
This role is not available in Zone 1
Ready to apply?
Apply to Dropbox
Governance, Risk, & Compliance Program Manager
Share this job
Role Description
As a Compliance Program Manager on the Governance, Risk, & Compliance team, you will play a crucial role in building Compliance across our product set.
Protecting Dropbox and our users is critical to being worthy of trust. As a Compliance Program Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, including Engineering, Product, Design, and Sales, in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.
If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.
Responsibilities
- Promote and foster a culture of trust within and outside of Dropbox.
- Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks, especially AI-specific standards/frameworks
- Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs.
- Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches and leveraging automation and AI-enabled processes
- Facilitate ongoing AI Governance, Risk and Compliance initiatives and monitor control effectiveness.
- Collaborate with internal teams and external auditors throughout compliance assessments.
- Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions.
- Drive automation efforts across the Compliance function via the AI-enabled GRC automation tools
- Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives.
- Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps.
- Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary
Requirements
- 4+ years of experience building or maintaining programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
- Independently executes and manages projects with high-level direction from a manager
- Consistently utilize AI tools to enhance workflows, evaluate outputs with critical judgment, and help others adopt tools where appropriate.
- Experience facilitating or being the subject of SOC, ISO, HIPAA and/or PCI audits at a fast-paced technology company, public accounting firm, or similar environment
- Experience partnering with Engineering, Product, & Development teams to define compliance needs in a multi-product environment
- Moderate familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
- Experience with implementing compliance programs for emerging new products, including AI enabled products
- Moderate understanding of cloud-based technologies and their implications for governance, risk, and compliance, with a focus on AI compliance needs
- Strong project management and organizational skills - must drive your own projects to completion with high-level direction from a manager, while also fostering collaboration and bringing teams together to achieve common objectives.
- Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
- Excellent writing, communication, and organizational skills - strong attention to detail
- Passion to aim higher and develop new skills
- CISA, CISSP, CCSK, CIPP, or other professional certifications/associations required
Preferred Qualifications
- Experience in scaling compliance programs in high-growth technology company
Compensation
Ready to apply?
Apply to Dropbox
Software Engineering Intern (Fall 2026)
Share this job
Position Overview
We are seeking a passionate and well-rounded candidate to join Diligent’s Platform Administration Services team. As part of this vital group, you will help design, build, and deliver the core services that power Diligent’s platform capabilities supporting our global product suite.
The candidate will have the opportunity to learn and practice effective analysis, design, programming, and testing to produce and maintain scaled SaaS software solutions. The successful candidate will work as part of an established team used to working together to achieve excellent results. Our ideal candidate will be someone who is motivated, proactive and takes pride in their code. It's a 4-month program from September 2026 with the possibility of an extension for another term, depending on performance and mutual interest.
Key Responsibilities:
- Work as part of an agile Platform team and contribute to grooming user stories and ensuring work items are clear and testable.
- Develop and maintain an existing codebase.
- Take part in the team's ceremonies.
- Work on the team's backlog including planning, implementation, testing and release.
Required Experience/Skills
- Self-driven mindset and strong analytical skills.
- University-level programming coursework or comparable coding boot camp qualification.
- Looking for an education in programming and platform development
- Ability to work unsupervised for extended periods.
- Ability to be on-site in our Vancouver Office.
Nice to Have Qualifications (not required):
- Exposure to fullstack web applications including frontend and backend components.
- Exposure to AI tools (such as code assistants, AI debuggers, or design copilots) to enhance software development speed, quality, and creativity.
- Exposure to cloud environments (AWS, Azure, or GCP).
- Exposure to AI and LLM applications, including prompt engineering, RAG pipelines, or semantic search.
- Exposure with infrastructure-as-code, CI/CD pipelines, and observability practices.
- Passion for continuous learning and for exploring how AI can transform software engineering.
We Take Care of Our Team
- Continuous learning opportunities.
- Flexible work arrangements.
- Diversity & engagement programs, company events.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
Solution Sales Executive - SLED
Share this job
Position Overview
The Solutions Sales Specialist will play an instrumental role in driving revenue growth for Diligent for existing and new accounts for specialized products. This position will collaborate with Account Executives and Directors to develop pipeline through prospecting, performing inbound and outbound activity to generate pipeline for team members and assume a quota within a territory to close business.
This position will require a commercially astute individual that is confident in showcasing our offerings in a compelling way to customers by uncovering how the customer requirements map to our products as part of the Diligent solutions. The Solutions Sales Specialist I embodies our culture and values and has demonstrated experience collaborating with stakeholders to realize shared goals.
Key Responsibilities
- Demonstrate an in-depth knowledge of Diligent’s solution and specialized products.
- Prospect new leads within existing accounts to drive new opportunities.
- Adopts a ‘solutions’ selling approach, understanding customer needs and developing solutions through the lens of the Diligent solutions.
- Demonstrate Sales excellence by managing the end-to-end sales cycle from opportunity to deal close using the Diligent approved sales methodology.
- Effectively utilize sales tools to prospect new leads, schedule initial meetings, increase win rates and generate bookings.
- Accurately maintain CRM records, forecast and report out on projected bookings, deals closed etc. on a regular basis.
- Proactively gathers external insights of the competitor landscape, including customers’ business strategy and the direction of the industry to inform the creation of strategic account plans.
- Collaborates with Account teams to discover new and growth opportunities, qualify opportunities and build pipeline.
Required Experience/Skills:
- Proven track record of success in account management and achieving revenue targets within the technology or GRC industry.
- SLED experience.
- Familiarity with selling through channel distribution processes.
- Ability to build and maintain relationships with diverse stakeholders at different levels of the organization.
- Continuous learning, including a desire to develop knowledge and expertise in internal products, external industry trends and the customer landscape.
- Strong communication, presentation and influencing skills.
- A high level of curiosity and empathy with the ability to understand a potential customer's context, issues and pain points through effective questioning and listening.
- Self-motivated, results-driven, and ability to work in a fast-paced and dynamic environment.
The posted salary range reflects the base salary for this role. In addition, this position is eligible for commission/variable compensation based on performance.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
Vous souhaitez vous épanouir dans un environnement de travail stimulant ? Joignez-vous au leader en transformation numérique et boostez votre carrière chez Levio. Nous vous proposons une opportunité unique de développer votre savoir-faire au sein d’une équipe de haut calibre.
La variété des défis proposés par nos clients vous donnera l’occasion de vous dépasser et de maintenir votre expertise au top. Partagez le quotidien de nos clients et soyez un acteur important dans les projets les plus ambitieux en matière de technologies et de solutions logicielles.
DESCRIPTION DU POSTE :
Nous sommes à la recherche de développeurs ServiceNow pour différents projets d'envergure.
RÔLE ET RESPONSABILITÉS :
En tant que développeur ServiceNow, vous devrez:
- Collaborer avec des équipes inter fonctionnelles pour concevoir et mettre en œuvre des solutions basées sur ServiceNow;
- Concevoir et développer des applications, modules et workflows personnalisés sur la plateforme ServiceNow;
- Développer et maintenir des intégrations ServiceNow avec d'autres systèmes;
- Assurer l'intégrité des données et participer aux tâches régulières de maintenance du système, y compris les mises à niveau et les correctifs;
- Aider à résoudre les problèmes liés au développement, à la configuration et aux performances de ServiceNow;
- Créer et maintenir une documentation technique, y compris la conception du système, les plans de mise en œuvre et les guides utilisateur;
- Fournir un soutien technique et des conseils aux membres de l'équipe et aux parties prenantes;
- Concevoir des tableaux de bord (Dash Board) et rapports;
- Assister à la formation des utilisateurs selon les besoins.
QUALIFICATIONS ET EXPÉRIENCE :
- Diplôme collégial ou universitaire en informatique, en technologie de l'information ou dans un domaine connexe;
- Trois à cinq années d'expérience en développement terrain avec ServiceNow;
- Posséder une certification : ServiceNow System Administrator Certification - CSA;
- Expérience technique sur la plateforme, participation à des mises à jour et application de correctif;
- Expérience d'implantation de la plateforme (nouvelles installations);
- Expertise sur les modules de la plateforme ServiceNow (ITSM, ITOM, ITAM (SAM / HAM), GRC, SecOPS, IRM, CSM);
- Confortable avec les méthodologies Agile Scrum/Kanban, DevOps, et Intégration / Déploiement / Livraison Continue;
- Maîtrise de l'anglais et du français.
AVANTAGES SOCIAUX :
Levio offre plusieurs avantages dans le but d’offrir la plus grande flexibilité possible à ses employés! En plus d’offrir un environnement de travail stimulant et dynamique, nous offrons entre autres :
- 4 semaines de vacances cumulables dès l’embauche
- Horaires flexibles
- Une allocation de développement professionnel (ADP) utilisable pour des formations, de l’équipement informatique et des activités physiques
- Formations adaptées à vos domaines d’expertise
- Régime Enregistré d’Épargne Retraite (REER) avec contribution employeur jusqu’à un maximum de 3% de votre salaire brut.
- Des assurances collectives modulables
- Le transport en commun ou le stationnement est remboursé lorsque requis
- Des primes au référencement de nouveaux candidats
- 11 congés féries
- Des congés personnels
- Une vie sociale active (5 à 7, club social, cafés et collations santé, etc.)
Statut du poste : Temps plein, permanent
Levio souscrit au principe d'équité en emploi et applique un programme d'accès à l'égalité en emploi pour les femmes, les autochtones, les minorités visibles, les minorités ethniques et les personnes en situation d’handicap.
Levio valorise la diversité et de l’inclusion et vise à créer un milieu de travail sain, accessible et gratifiant qui met en valeur la contribution unique de nos employés au succès de notre entreprise. En tant qu'employeur qui s'engage à respecter l'équité en matière d'emploi, nous encourageons les candidatures les plus diverses. Des accommodements sont disponibles sur demande pour les candidats qui participent à tous les aspects du processus de sélection.
Le genre masculin est utilisé sans aucune discrimination et dans le seul but d’alléger le présent texte.
Ready to apply?
Apply to Levio
Security Operations Analyst
Share this job
Position Overview:
The Security Operations team is an agile, exciting, hands-on security operations team focused on protecting Diligent personnel, sites, and assets worldwide. We like to get our hands dirty working closely together and cross-functionally with the greater Security Department. Our goal is to maintain the confidentiality and integrity of customer, employee, and business information in compliance with organization, industry, and regional policies and standards.
Security Operations Analyst II is a part of high impact security operations team focused on protecting Diligent personnel, sites and assets worldwide. As part of the Security team, you will help to with the strategy, development, and deployment of a comprehensive physical and logical security operation programs. The position is responsible for oversight and operations on security event monitoring, incident response, user behavior analysis, threat hunting, in addition to maintaining the confidentiality and integrity of customer, employee, and business information in compliance with organization, industry, and regional policies and standards.
Key Responsibilities
- Actively monitor and respond to security alerts from tools such as SIEM, EDR, CNAP, etc.
- Analyze security alerts and document tuning opportunities to reduce false positives.
- Support change management responsibilities to reduce security risk/impact to corporate systems and networks.
- Contribute to security tooling policies and supporting process enhancement as needed to mature defense controls and facilitate exceptions for BAU operations.
- Initiate and coordinate incident response activities. Maintain documentation and reports for compliance purposes.
- Configure and run network and endpoint vulnerability scans. Closely collaborate with technical teams to mitigate risks through patching and configuration changes.
- Assess and evaluate the suitability of existing and new security tools to bolster the organization’s security posture
Required Experience/Skills
- 3-5 years of information technology experience or the equivalent combination of education, technical training, or work experience.
- Working experience in information security, especially on a Computer/Security Incident Response Team (C/SIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
- Working experience with regulatory compliance and information security management frameworks.
- Strong decision-making capabilities.
- Technical knowledge of anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
Preferred Experience/Skills
- Must have strong interpersonal skills with the ability to interact with customer’s technical, non-technical easily and effectively, support, and business staff at all levels.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
Trust & Safety Senior Associate, Information Security Ops
Share this job
We're transforming the grocery industry
At Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers.
Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.
Instacart is a Flex First team
There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work.
Overview
About the Role
The InfoSec Ops Senior Associate will sit on Instacart’s InfoSec Ops team and report to the Trust & Safety manager over InfoSec Ops. You will collaborate cross-functionally with GRC, Security, Procurement, Legal, Engineering, and other stakeholders in this role. You must be able to operate independently and with a high degree of confidentiality.
About the Team
Instacart's Trust & Safety department takes data-driven, customer-first approaches to ensure we are compliant with all local, state, and federal regulations regarding grocery fulfillment. The InfoSec Ops team focuses on keeping Instacart’s data (and the systems it flows through) safe at scale, from vendor risk management to internal access controls and beyond.
About the Job
- The InfoSec Ops Senior Associate will handle a variety of operational and program management tasks related to data privacy and information security. You will be responsible for handling cadenced tasks (e.g., daily/weekly), high-priority escalations, and some program management responsibilities. You will also take ownership of privacy and security readiness efforts for high-visibility launches. You will be expected to manage competing priorities across several different subject matter areas.
- Your operational responsibilities will include:
- Evaluating vendors’ data collection practices and security postures; working with internal teams and vendor teams to understand the types of data each vendor would collect; communicating Instacart’s security and privacy requirements
- Tracking and reporting metrics on InfoSec Ops initiatives
- Assisting with large-scale audit readiness efforts
- Organizing, coordinating, and tracking cross-functional privacy and security projects involving multiple stakeholder teams
- Acting as the DRI representing Trust & Safety’s privacy and security operations teams in high-visibility company-wide initiatives, including expansions into new markets and product surfaces
- Your program management responsibilities will include:
- Building and maintaining workflow documentation
- Automating and monitoring recurring tasks using AI agents
- Proactively coming up with ideas to improve operational efficiency
- Identifying, tracking, and reporting success metrics
- We are looking for candidates with stellar written communication skills, business acumen, and a keen sense of situational awareness. You will need to navigate delicate situations with discretion and tact; as you develop in this role, you will be expected to understand when to under-communicate or over-communicate depending on the audience and situation.
- As a member of a small operational team supporting a program with company-wide impact, will take on project work to help the program continue to mature. You will surface ideas for projects and process improvements and drive them to fruition. You will be asked to take on data analysis tasks and metrics reporting.
About You
Minimum Qualifications
- 4+ years of experience within a Trust & Safety, risk, legal, or policy operations function, ideally one subject to legal, regulatory, or contractual obligations around sensitive data; 2+ years taking on elevated responsibilities within such an environment
- Demonstrated ability to navigate ambiguity and show leadership on complex, high-visibility operational workflows
- Track record of driving cross-functional projects to completion
- Familiarity with information security and data privacy concepts and vocabulary
- Stellar written and verbal communication skills, including the ability to convey complex privacy and security issues clearly to internal and external stakeholders
- Composure and precision when operating in time-sensitive or business-critical situations
- Working understanding of business metrics and reporting
Preferred Qualifications
- Professional experience related to information security and data privacy operations, esp. vendor risk management operations
- Familiarity with third party risk management frameworks
- CIPP/CIPM or SEC+ certification is a big plus
#LI-Remote
Instacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Please review our Flex First remote work policy here. Currently, we are only hiring in the following provinces: Ontario, Alberta, British Columbia, and Nova Scotia.
Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants. Please read more about our benefits offerings here.
For Canadian based candidates, the base pay ranges for a successful candidate are listed below.
Ready to apply?
Apply to Instacart
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!
This is a unique opportunity to contribute to a high-quality SOX program while helping create something from the ground up: an IT risk management function and operational audit capability at one of the most recognized design companies in the world. The Manager of IT Internal Audit (Risk & Ops) will support Figma's IT SOX compliance program and, in partnership with the Head of Internal Audit, develop the IT risk management and risk-based operational audit workstreams. The right candidate brings compliance rigor and the intellectual curiosity to work in greenfield territory, where the playbook does not yet exist.
This is a full time role that can be held from one of our US hubs or remotely in the United States.
What you’ll do at Figma:
- Execute the IT SOX compliance program: ITGC and ITAC testing, deficiency management, remediation tracking, and SOX documentation. Coordinate with external auditors and co-sourced resources throughout the audit cycle.
- Provide technical support in the assessment, design, and implementation of IT General Controls and IT Application Controls in collaboration with GRC and IT management. Participate in system upgrades and implementations to ensure controls over financial reporting are adequately identified and addressed.
- Lead IT risk conversations with management and contribute to the IT risk register. Support the buildout of Figma's IT risk management program, including risk identification methodology, assessment frameworks, and leadership reporting.
- Contribute to risk updates for the Audit Committee and senior leadership as it relates to the IT risk landscape, including emerging technology risks such as cloud, SaaS, and AI.
- Develop a risk-based operational audit plan and implement audits across IT and business process areas, including where no prior year workpapers exist. Issue findings with risk ratings and actionable recommendations; track remediation to closure.
- Build audit programs from scratch, prepare clear and concise audit reports, and present findings and recommendations to senior leaders and cross-functional partners.
We'd love to hear from you if you have:
- 6+ years in IT audit, IT risk management, or a combination thereof
- IT SOX compliance experience with hands-on ownership of ITGCs, ITACs, and Segregation of Duties
- Experience performing operational or integrated audits, including in environments without established playbooks
- Knowledge of PCAOB/SEC requirements and audit frameworks, including CISA, CIA, or CISM certifications
- Ability to collaborate across Internal Audit and cross-functional teams (GRC, IT, Finance, Legal, Business Systems)
While not required, it’s an added plus if you also have:
- Experience supporting the development of a risk management program
- SaaS or fast-paced tech company experience
- Familiarity with GRC tools (AuditBoard, Workiva, ServiceNow GRC, or similar)
- Experience with data analytics tools (ACL, IDEA, or similar) for audit processes
- Cloud security knowledge and audit experience
Pay Transparency Disclosure
If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below.
Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.
Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future.
At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities.
Examples of accommodations include but are not limited to:
- Holding interviews in an accessible location
- Enabling closed captioning on video conferencing
- Ensuring all written communication be compatible with screen readers
- Changing the mode or format of interviews
To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding.
By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.
Ready to apply?
Apply to Figma
Senior Security Operations Engineer
Share this job
Why join us
Brex is the intelligent finance platform that enables companies to spend smarter and move faster in more than 200 markets. By combining global corporate cards and banking with intuitive spend management, bill pay, and travel software, Brex enables founders and finance teams to accelerate operations, gain real-time visibility, and control spend effortlessly. Brex’s AI-native automation and world-class service eliminate manual expense and accounting tasks for customers so they can focus on what matters most. Tens of thousands of the world's best companies run on Brex, including DoorDash, Coinbase, Robinhood, Zoom, Plaid, Reddit, and SeatGeek.
Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.
Engineering at Brex
Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.
What you’ll do
As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions.
Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.
We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.
Where you’ll work
This role will be based in our Vancouver office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!
Responsibilities
- Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
- Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
- Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security
- Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
- Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others
Requirements
- Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response
- Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
- Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
- While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
- You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.
Bonus points
- Proficiency with Go and other programming languages
- Experience with securing distributed systems in AWS, cloud and Kubernetes environments
- Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)
Compensation
The expected salary range for this role is $192,000 CAD - $240,000 CAD. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.
Brex LLC is a wholly owned subsidiary of Capital One, N.A.
Please be aware, job-seekers may be at risk of targeting by malicious actors looking for personal data. Brex recruiters will only reach out via LinkedIn or email with a brex.com domain. Any outreach claiming to be from Brex via other sources should be ignored.
Ready to apply?
Apply to Brex
Director, Security & Infrastructure
Share this job
Company Description
Workleap is a Montreal-based tech company on a mission to make work simpler.
Since 2006, we’ve been building game-changing products that tackle HR and IT’s biggest challenges.
Workleap operates two distinct product lines:
- The Workleap Platform, an AI-powered HR solution designed to drive team performance and boost employee engagement.
- ShareGate, the leading Microsoft 365 migration and governance solution, trusted by IT professionals worldwide for its unmatched simplicity.
Today, more than 20,000 companies rely on Workleap products to grow, lead, and operate with confidence.
We’re builders at heart, with a clear purpose: to craft the simplest products that deliver exceptional value for our customers. Period.
Job Description
So, what will your new role look like?
As Director, Security & Infrastructure, your role is to create the conditions for product and engineering teams to move faster with confidence. You will lead the infrastructure, security operations, and governance, risk, and compliance functions across Workleap and ShareGate, ensuring our environment remains reliable, scalable, and secure as the organization evolves. You will play a key role in supporting Workleap’s shift toward a Full-Stack Builder model, where small teams own the full journey from insight to production. This means building a platform and security foundation that reduces friction, strengthens trust, and helps teams ship quickly without compromising reliability, security, or compliance.
Responsibilities:
- Improve platform reliability and scalability so product teams can ship with confidence across Workleap and ShareGate;
- Reduce security and compliance risk through guardrails embedded directly into delivery workflows;
- Increase engineering autonomy by reducing dependency on centralized infrastructure support;
- Increase system resilience and minimize service disruption through stronger observability, incident response, and proactive capacity planning;
- Elevate team impact and organizational leverage by building a high-performing infrastructure and security function;
- Improve executive decision-making with clear, business-relevant visibility into security, compliance, and risk posture.
What does your future team look like?
You will lead a platform-focused team spanning infrastructure, security operations, and GRC, supporting both Workleap and ShareGate. This team is evolving from a traditional support function into a platform enablement team, one that helps product teams move faster by providing reliable, secure, and easy-to-use foundations. Your role is to position this team as a force multiplier for engineering: reducing friction, increasing autonomy, and making security and infrastructure feel invisible to builder teams.
What are the next challenges awaiting your team?
Your mandate is clear: transform infrastructure and security into silent foundations, robust in the shadows, transparent in everyday use, so that product delivery is smooth and the entire company stands on solid ground.
In the next phase, the team must:
- Enable true self-service so teams can build, deploy, and scale independently;
- Embed security directly into delivery workflows, eliminating manual gates;
- Strengthen platform reliability to support faster and more frequent releases;
- Shift governance from static control to continuous, automated assurance.
Beyond the systems, the real challenge is cultural: turning infrastructure and security into enablers of speed, not constraints. Success means product teams can ship faster with confidence and never have to slow down for infrastructure or security.
Qualifications
- 8+ years of experience across infrastructure and security leadership in technology organizations;
- Experience leading technical teams through transformation in fast-paced, evolving organizations;
- Strong expertise in cloud-native environments such as Azure or GCP;
- Hands-on experience with Kubernetes, infrastructure as code, and platform automation;
- Deep understanding of security frameworks, such as SOC 2, NIST CSF, ISO 27001, and CIS Controls;
- Proven ability to build secure, scalable, high-availability environments for SaaS products;
- Strong ability to communicate risk, priorities, and tradeoffs to executive and board-level stakeholders;
- CISSP, CISM, or equivalent credentials are considered an asset;
- Based in Montreal, or able to travel there a few times per quarter.
Who we are
We’re a team of curious minds and bold builders, brought together by a shared drive to make work simpler - and better - for everyone. Challenges fuel our creativity, fast-paced environments keep us sharp, and pushing boundaries is just part of how we operate. We believe the best ideas come from experimentation, rapid learning, and even the occasional discomfort - that’s where growth happens.
Since 2006, we’ve been rethinking the way teams work, blending creativity and tech to solve real problems in IT and HR. We move quickly, we learn constantly, and we always keep our customers at the center of what we do. If you're a proactive thinker who takes ownership, loves to collaborate, and isn’t afraid to leap into the unknown - you’ll fit right in.
Additional Information
At Workleap, we build together, we trust each other, and we support each other in success or failure. You will be able to express yourself, evolve and develop your creativity in an environment that will adapt to your daily life and your needs.
We strive to create a healthy and inclusive work environment. This is everyone’s business.
Our Candidate Experience Flow at Workleap:
Phone Screen - Virtual Interview using Microsoft Teams - Work Sample - Job Offer
As a tech-forward company, we leverage AI tools to enhance our recruitment process, while ensuring all hiring decisions remain human-led.
We are looking forward to getting to know you!
By applying to this job, you are confirming that you have read and agree to the terms of our privacy policy.
#LI-Remote
Ready to apply?
Apply to Workleap - en
Directeur.rice, Sécurité & Infrastructure
Share this job
Description de l'entreprise
Workleap est une entreprise tech basée à Montréal avec comme mission de rendre le travail plus simple.
Depuis 2006, on bâtit des produits innovants qui aident les équipes RH et TI à relever leurs plus grands défis.
Workleap offre deux lignes de produits distinctes :
-
La plateforme Workleap, une solution RH propulsée par l’IA qui élève la performance des équipes et stimule l’engagement des employés.
-
ShareGate, le leader incontesté en migration et gouvernance Microsoft 365, reconnu par les professionnels TI du monde entier pour sa grande simplicité.
Aujourd’hui, c’est plus de 20 000 entreprises partout dans le monde qui comptent sur les produits Workleap pour croître, évoluer et opérer.
On est des bâtisseurs dans l’âme et ce qui nous passionne est clair : créer les produits les plus simples qui amènent de la valeur exceptionnelle à nos clients, un point c’est tout.
Description du poste
Concrètement, à quoi va ressembler ton poste ?
À titre de Directeur.rice, Sécurité & Infrastructure, ton rôle sera de créer les conditions qui permettent aux équipes produit et ingénierie d’avancer plus vite, avec confiance. Tu dirigeras les fonctions d’infrastructure, d’opérations de sécurité TI, ainsi que de gouvernance, de risque et conformité pour Workleap et ShareGate, en assurant un environnement fiable, évolutif et sécuritaire à mesure que l’organisation se transforme. Tu joueras un rôle clé dans l’évolution de Workleap vers un modèle Full-Stack Builder, où de petites équipes prennent en charge l’ensemble du cycle, de l’idée à la production. Cela implique de bâtir une fondation technologique et sécuritaire qui réduit la friction, renforce la confiance et aide les équipes à livrer rapidement, sans compromettre la fiabilité, la sécurité ou la conformité.
Responsabilités :
- Renforcer la fiabilité et l’évolutivité de la plateforme afin que les équipes produit puissent livrer avec confiance pour Workleap et ShareGate ;
- Réduire les risques en matière de sécurité et de conformité grâce à des garde-fous intégrés directement aux flux de livraison ;
- Accroître l’autonomie des équipes d’ingénierie en réduisant leur dépendance envers le soutien centralisé en infrastructure ;
- Accroître la résilience des systèmes et réduire les interruptions de service grâce à une meilleure observabilité, une gestion rigoureuse des incidents et une planification proactive ;
- Augmenter l’impact de l’équipe et sa valeur pour l’organisation en bâtissant une fonction infrastructure et sécurité hautement performante ;
- Améliorer la prise de décision des leaders grâce à une visibilité claire et pertinente sur la posture de sécurité, de conformité et de risque.
Qui est l’équipe que tu vas rejoindre ?
Tu dirigeras une équipe plateforme couvrant l’infrastructure, les opérations de sécurité et le GRC, en soutien à Workleap et ShareGate. L’équipe est en transition d’un rôle de support traditionnel vers une équipe d’activation plateforme, dont l’objectif est de permettre aux équipes produit d’avancer plus vite grâce à des fondations fiables, sécuritaires et simples à utiliser. Ton rôle est de positionner cette équipe comme un multiplicateur d’impact pour l’ingénierie : moins de friction, plus d’autonomie, et une infrastructure et une sécurité qui deviennent presque invisibles pour les équipes.
Quels sont les prochains défis qui attendent ton équipe ?
Ton mandat est clair : transformer l'infrastructure et la sécurité en fondations silencieuses, robustes dans l'ombre, transparentes au quotidien, pour que la livraison produit soit fluide et que toute la compagnie repose sur du solide.
Dans la prochaine phase, l’équipe devra :
- Permettre un véritable libre-service pour que les équipes puissent construire, déployer et évoluer de façon autonome ;
- Intégrer la sécurité directement dans les flux de livraison pour éliminer les étapes manuelles ;
- Renforcer la fiabilité de la plateforme afin de soutenir des livraisons plus rapides et plus fréquentes ;
- Faire évoluer la gouvernance vers un modèle continu et automatisé.
Au-delà de la technologie, le défi est aussi culturel : faire de l’infrastructure et de la sécurité des leviers de vitesse, et non des contraintes. Le succès se traduit par des équipes produit capables de livrer plus rapidement, avec confiance, sans être ralenties par l’infrastructure ou la sécurité.
Qualifications
- 8+ ans d’expérience en leadership en infrastructure et en sécurité dans des organisations technologiques ;
- Solide expertise des environnements infonuagiques comme Azure ou GCP ;
- Expérience concrète avec Kubernetes, l’infrastructure as code et l’automatisation de plateforme ;
- Excellente compréhension des cadres de sécurité comme SOC 2, NIST CSF, ISO 27001 et CIS Controls ;
- Expérience démontrée dans la création d’environnements SaaS sécuritaires, évolutifs et hautement disponibles ;
- Capacité à faire évoluer des équipes techniques dans des contextes de transformation rapides et changeants ;
- Forte aptitude à communiquer les risques, les priorités et les arbitrages à des parties prenantes exécutives et au conseil ;
- CISSP, CISM ou certification équivalente, un atout ;
- Basé.e à Montréal, ou en mesure de s’y déplacer quelques fois par trimestre.
Qui nous sommes
On est une équipe de curieux et de créateurs passionnés, rassemblés par le même objectif : rendre le travail plus simple - et meilleur - pour tout le monde. Les défis stimulent notre créativité, on carbure à l'intensité, et repousser les limites fait partie de notre ADN. On pense que les meilleures idées naissent de l’expérimentation, de l’apprentissage continu, et parfois même de l’inconfort—c’est comme ça qu’on évolue.
Depuis 2006, on réinvente la façon dont les équipes travaillent, en alliant créativité et technologie pour résoudre de vrais problèmes en TI et en RH. On avance vite, on apprend constamment, et on garde toujours nos clients au coeur de nos décisions. Si tu es une personne proactive, qui prend les choses en main, adore collaborer et n’a pas peur de plonger dans l’inconnu - tu trouveras parfaitement ta place parmi nous.
Informations supplémentaires
Chez Workleap, on bâtit ensemble, on se fait confiance et on se soutient, dans la réussite ou dans l'échec. Tu pourras t'exprimer, évoluer et développer ta créativité dans un environnement qui s'adaptera à ton quotidien et à tes besoins.
Nos aspirations sont de bâtir un environnement de travail sain et inclusif. Il s’agit là de l’affaire de tous et de toutes.
Notre processus Expérience Candidat chez Workleap :
Entrevue téléphonique - Entrevue virtuelle par Teams - Mise en situation - Offre d'emploi
En tant qu’entreprise technologique, nous utilisons l’IA pour optimiser le recrutement, tout en veillant à ce que toutes les décisions d’évaluation restent humaines.
On a hâte d'apprendre à te connaître !
En postulant à ce poste, tu confirmes avoir lu et être en accord avec notre politique de confidentialité.
#LI-Remote
Ready to apply?
Apply to Workleap - fr
Growth Marketing Manager, Field
Share this job
Position Overview
The Field Marketing Manager, Americas will own and scale the field marketing engine for a high-impact business unit, directly influencing pipeline growth, accelerating revenue, and shaping how we go to market across the region.
This is a highly visible role that blends strategy and execution. You’ll design and orchestrate integrated campaigns, events, webinars, and ABM programs; working side-by-side with Sales and cross-functional Marketing teams to turn ideas into measurable business outcomes.
If you’re equal parts strategist, operator, and innovator; and excited to leverage AI to unlock smarter, faster marketing - this role is for you.
Key Responsibilities
- Lead the development and execution of pod-level field marketing plans aligned to regional and business unit goals.
- Partner closely with Sales to identify and activate priority plays that progress opportunities through the funnel and into bookings.
- Build scalable field marketing programs and infrastructure, leveraging AI to improve efficiency, targeting and insights.
- Shape team-wide processes and workflows and provide day-to-day guidance and coaching to Field Marketing Specialists and Senior Specialists, exerting influence without formal authority.
- Strategy and Planning
- Own the field marketing strategy and annual plan for an assigned Americas pod or business unit, aligned to shared MQL, pipeline and bookings targets.
- Translate GTM plays and regional priorities into integrated field programs that pull the right marketing levers at the right time across the customer journey.
- Use data, insights and AI tools to seize opportunities, refine targeting, and continuously optimize program mix and investment.
- Campaigns, Events & ABM
- Design and execute multi-channel field campaigns, including events, webinars, ABM motions and localized programs that support both new logo and expansion goals.
- Own end-to-end delivery of field marketing activities — brief development, project management, enablement, execution and debriefs — with extreme attention to detail and operational rigor.
- Partner with Demand Generation, Product Marketing, Brand, and Corporate Events to ensure Americas field programs are on-brand, on-message and coordinated across channels.
- Sales & Cross-Functional Partnership
- Build strong, trust-based relationships with Sales leaders and AEs in the assigned pod/region; act as the primary marketing counterpart for planning and performance reviews.
- Align on coverage models, territories, key accounts and follow-up expectations with BDR/SDR teams; ensure smooth handoffs from MQL to opportunity and into bookings.
- Collaborate with other Field Marketing Managers across Americas to share best practices, standardize processes and identify opportunities to scale what works.
- AI-Enabled Execution & Innovation
- Champion the use of AI across field marketing workflows — from audience and target account list refinement to content creation, testing and reporting — to increase throughput and impact.
- Pilot new AI-driven tactics in partnership with Brand, Content and Demand Generation, and document learnings to inform broader adoption.
- Measurement, Reporting & Optimization
- Own pod-level field targets and KPIs; track and report on MQLs, opportunities, pipeline and bookings influenced by field programs, as well as marketing ROI.
- Build regular performance readouts for Sales and Marketing leadership, surfacing insights, risks and recommended optimizations.
- Use data to identify gaps in the funnel, propose corrective actions, and test alternative approaches to unlock growth.
Required Experience/Skills
- 5+ years of B2B SaaS field marketing or closely related experience (e.g., growth, revenue, campaign marketing), with a track record of driving pipeline and bookings with Sales.
- Deep experience building and executing integrated field programs across tactics such as events, webinars, ABM and partner campaigns.
- Demonstrable capability with AI tools, with real use cases that improve operational excellence, visibility and speed-to-impact in marketing programs.
- Motivated self-starter with a “get stuff done” mindset and the ability to set priorities, manage multiple projects and hit deadlines with limited oversight.
- Strong interpersonal and communication skills (written and verbal), including comfort presenting to and influencing senior Marketing and Sales leaders.
- Proven ability to partner and develop strong relationships across all levels of a complex, matrixed commercial organization.
- Highly organized, process-driven operator with strong project management skills and extreme attention to detail.
- Commercial, strategic and data-driven mindset; uses data and reporting to make decisions, optimize plans and demonstrate impact against regional growth goals.
- Proficiency with core marketing and productivity tools (e.g., Salesforce, Marketo, Wrike, Microsoft Office Suite) and comfort adopting new AI-powered technologies.
- Familiarity with the GRC space and experience working in a complex matrixed organization are strong pluses.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
Director, AI Software Engineering
Share this job
Overview
We are seeking a hands-on Director of AI Software Engineering to lead and scale AI engineering efforts supporting multiple business units across Governance, Risk, and Compliance (GRC). This role sits at the intersection of product delivery, platform evolution, and applied AI—driving real-world impact across core workflows.
This is not a pure management role. We are looking for a builder who leads from the front, someone who has recently written production code, shipped systems end-to-end, and can operate comfortably in ambiguity while aligning teams and stakeholders.
What You’ll Do
Lead AI Engineering Across GRC
Own delivery of AI-powered capabilities embedded directly into business unit workflows (e.g., risk analysis, compliance automation, reporting, due diligence)
Partner with product, data, and platform teams to translate business problems into scalable AI systems
Stay Hands-On
- Contribute to architecture, code reviews, and critical path implementation
- Prototype and validate new approaches (LLMs, agents, retrieval systems, classification pipelines, etc.)
- Set engineering standards for performance, reliability, and cost efficiency
Build and Scale Teams
- Lead and mentor a high-performing team of AI/ML and software engineers
- Drive hiring, coaching, and career development
- Establish a culture of ownership, speed, and technical excellence
Drive Execution
- Deliver production-grade systems—not experiments
- Balance speed with rigor (security, privacy, compliance)
- Operate across multiple concurrent initiatives with clear prioritization
Communicate and Influence
- Act as a bridge between engineering and business stakeholders
- Clearly articulate trade-offs, risks, and outcomes to senior leadership
- Align cross-functional teams around shared goals and timelines
What We’re Looking For
Proven Builder
- 10+ years in software engineering, with recent hands-on coding experience
- Demonstrated track record of shipping production systems at scale
- Experience with modern AI/ML systems (LLMs, NLP, search, or data platforms)
Technical Depth
- Strong backend engineering skills (e.g., Python, Java, or similar)
- Experience with distributed systems, APIs, and cloud platforms (AWS/GCP/Azure)
- Familiarity with modern AI stacks (e.g., vector search, embeddings, model serving, agent frameworks)
Leadership with Credibility
- Experience leading engineering teams while remaining technically engaged
- Ability to earn trust with senior engineers and challenge them constructively
Strong Communicator
- Can simplify complex technical concepts for non-technical stakeholders
- Comfortable operating at both executive and implementation levels
Execution-Oriented
- Bias for action; thrives in fast-moving, ambiguous environments
- Focused on delivering measurable business impact—not just technical output
Nice to Have
- Experience in GRC, fintech, or regulated environments
- Exposure to FedRAMP or similar compliance frameworks
- Background in building AI-powered products (not just research)
Why This Role
- Direct influence on how AI transforms core GRC workflows
- Opportunity to define and scale AI-native systems across the platform
- High visibility with senior leadership and business stakeholders
- Build real products used by customers, not internal experiments
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
Solutions Sales Executive II
Share this job
Position Overview:
The Solutions Sales Specialist II will play an instrumental role in driving revenue growth for Diligent for existing and new accounts for Diligents’ solutions. This position will collaborate with Sales stakeholders to develop pipeline through prospecting, performing inbound and outbound activity to generate pipeline for team members and assumes a quota within a territory to close business.
This position will require a commercially astute individual that is confident in showcasing our offerings in a compelling way to customers by uncovering how the customer requirements map to our products as part of the Diligent One Platform. With a proven track record of success, the Solutions Sales Specialist II embodies our culture and values and has demonstrated experience collaborating with stakeholders to realize shared goals.
Key Responsibilities
- Prospect new leads in addition to supplementing inbound leads to build pipeline.
- Develop an expert knowledge of Diligent’s specialist GRC SaaS solution with a focus on multiple products within the Diligent portfolio.
- Adopt a ‘solutions’ selling approach, rather than a features and functionality sales approach.
- Effectively manage the end-to-end sales cycle from opportunity to deal close using MEDDICC sales methodology.
- Utilize sales tools such as Salesforce.com, SalesLoft, LinkedIn Sales Navigator, Zoom, Gong.io to prospect new leads, schedule initial meetings, increase win rates and generate bookings.
- Accurately maintain SFDC records, forecast and report out on projected bookings, deals closed etc. on a regular basis.
- Develop an expert knowledge of Diligent’s specialist GRC SaaS solution with a focus on multiple products within the Diligent portfolio specifically with Entity Management
Required Experience/Skills:
- 7-10 years of experience
- Proven track record of success in account management and achieving revenue targets within the technology or GRC industry.
- Ability to build and maintain relationships with diverse stakeholders at different levels of the organization.
- Continuous learning, including a desire to develop knowledge and expertise in internal products, external industry trends and the customer landscape.
- Strong communication, presentation and influencing skills.
- A high level of curiosity and empathy with the ability to understand a potential customer's context, issues and pain points through effective questioning and listening.
- Self-motivated, results-driven, and ability to work in a fast-paced and dynamic environment.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
Cybersecurity GRC Manager
Share this job
Cerebras Systems builds the world's largest AI chip, 56 times larger than GPUs. Our novel wafer-scale architecture provides the AI compute power of dozens of GPUs on a single chip, with the programming simplicity of a single device. This approach allows Cerebras to deliver industry-leading training and inference speeds and empowers machine learning users to effortlessly run large-scale ML applications, without the hassle of managing hundreds of GPUs or TPUs.
Cerebras' current customers include top model labs, global enterprises, and cutting-edge AI-native startups. OpenAI recently announced a multi-year partnership with Cerebras, to deploy 750 megawatts of scale, transforming key workloads with ultra high-speed inference.
Thanks to the groundbreaking wafer-scale architecture, Cerebras Inference offers the fastest Generative AI inference solution in the world, over 10 times faster than GPU-based hyperscale cloud inference services. This order of magnitude increase in speed is transforming the user experience of AI applications, unlocking real-time iteration and increasing intelligence via additional agentic computation.
About The Role
The Cybersecurity GRC Manager is accountable for maturing and scaling engineering-driven governance, risk, and compliance programs that support the security, privacy, and regulatory-compliant posture of the organization. The ideal candidate will bring a unique blend of deep technical security acumen and GRC expertise, enabling the creation of GRC workflows that are measurable, automated, and resilient. This is a strategic, cross-functional, and customer-facing role reporting to the Director of Governance, Risk, & Compliance.
A successful candidate will have a comprehensive understanding of cybersecurity and privacy industry frameworks (e.g., NIST, ISO, SOC 2, CCPA, GDPR, HIPAA). They will be responsible for transforming governance, risk, and compliance practices into proactive, testable capabilities using automation, continuous auditing, and AI-driven solutions.
Proficiency with AI tools (LLMs, prompt engineering, generative‑AI workflows) is a core requirement – you’ll use AI to streamline GRC workflow creation and implementation, evidence generation, and security risk mitigation. Experience with designing and implementing autonomous “agentic AI” solutions is preferred.
Responsibilities
- Drive a compliance operating model that includes automated control testing, self-service reporting, and AI-enhanced risk analysis. Implement continuous control monitoring and evidence collection pipelines integrated into cloud-native and on-prem environments.
- Partner with engineering and product teams to define and codify security and compliance requirements as part of the SDLC. Introduce automated security/compliance tests into CI/CD pipelines to support shift-left practices.
- Use generative AI for compliance gap detection, policy mapping, risk triaging, and customer assurance functions.
- Oversee security and privacy assurance activities and assessments, internal/external audits, and attestation/certification initiatives (e.g., SOC 2, ISO 27001). Lead internal readiness for third-party audits and external assessments and maintain ongoing compliance posture.
- Utilize automation and GRC platforms to optimize gathering and maintenance of audit readiness documentation and audit evidence.
- Utilize AI-driven solutions to manage the organization’s responses to customers’ and partners’ cybersecurity requests (e.g. information security questionnaires).
- Enhance and execute third-party security risk management practices, including inherent / residual security risk assessment, vendor / supplier security due diligence reviews, vendor / supplier inventory management, ongoing security monitoring, and risk reporting.
- Build and maintain enterprise-level risk registers; facilitate and monitor security risk acceptance processes; design and maintain security risk measurement and monitoring including risk reporting.
- Grow and expand cybersecurity guidance through development and maintenance of cybersecurity policies, standards, and procedures.
- Manage security awareness programs through administration of regular security trainings, phishing simulations, and corporate communications.
Skills And Qualifications
Required Experience
- Bachelor’s degree in computer science, Cybersecurity, or related engineering field; advanced degree preferred.
- Minimum 5 years of progressive experience in cybersecurity, security engineering, and/or risk management.
- Proven success managing compliance programs in cloud-native, SaaS/PaaS environments with high automation maturity.
- Demonstrated ability to manage customer-facing compliance engagements and audit preparation.
Technical and Domain Expertise
- Deep knowledge of, and experience working with, industry frameworks (NIST SP800-53, ISO 27001, SOC 2, CCPA, GDPR, HIPAA).
- Strong familiarity with AI/ML usage in security programs and risk analysis.
- Experience implementing and administering GRC tools/platforms.
- Proficiency in cloud security, AI security, secure development / DevSecOps practices, and infrastructure-as-code (IaC) security tooling.
- Experience implementing automated compliance and control validation pipelines.
Soft Skills
- Excellent communication, stakeholder management, and executive reporting skills.
- Ability to influence cross-functional teams and operate in fast-paced, high-growth environments.
- Strong analytical, critical thinking, and decision-making capabilities.
Why Join Cerebras
People who are serious about software make their own hardware. At Cerebras we have built a breakthrough architecture that is unlocking new opportunities for the AI industry. With dozens of model releases and rapid growth, we’ve reached an inflection point in our business. Members of our team tell us there are five main reasons they joined Cerebras:
- Build a breakthrough AI platform beyond the constraints of the GPU.
- Publish and open source their cutting-edge AI research.
- Work on one of the fastest AI supercomputers in the world.
- Enjoy job stability with startup vitality.
- Our simple, non-corporate work culture that respects individual beliefs.
Read our blog: Five Reasons to Join Cerebras in 2026.
Apply today and become part of the forefront of groundbreaking advancements in AI!
Cerebras Systems is committed to creating an equal and diverse environment and is proud to be an equal opportunity employer. We celebrate different backgrounds, perspectives, and skills. We believe inclusive teams build better products and companies. We try every day to build a work environment that empowers people to do their best work through continuous learning, growth and support of those around them.
This website or its third-party tools process personal data. For more details, click here to review our CCPA disclosure notice.
Ready to apply?
Apply to Cerebras Systems
Solutions Engineer
Share this job
Position Overview
As a Solutions Engineer at Diligent, you will partner closely with Sales to help organizations understand how our platform can transform the way they mitigate risk, perform audits, and operationalize compliance. You’ll independently lead the SE workstream on small to mid-sized opportunities, while partnering with more senior Solutions Engineers on complex, multi-pillar deals, acting as a trusted partner to customer stakeholders and helping translate Ethics & Compliance and broader GRC challenges into clear, compelling solutions that drive business value.
If you enjoy combining domain expertise, storytelling, solution design, and customer interaction and are looking to build your career in a commercial, customer-facing environment, this is a strong next step.
Key Responsibilities
Customer & Commercial Partnership
- Partner with Sales to lead the full pre-sales lifecycle for small to mid-sized opportunities, helping customers understand how Diligent solves real-world compliance challenges.
- Deliver independent, well-prepared, tailored software demonstrations that clearly articulate business value, while seeking coaching and feedback from senior team members for continuous improvement.
- Engage confidently with stakeholders across Legal, Ethics & Compliance, Governance, Risk & Audit teams, owning day-to-day customer conversations and escalating to senior SEs for high-risk or complex topics as needed.
- Translate customer pain points into clear solution narratives, including outcomes and success criteria, to support deal progression and closure.
- Own the technical win for small to mid-sized opportunities, and contribute to the technical strategy on larger, multi-stakeholder deals in partnership with senior SEs.
Solution Design & Thought Leadership
- Design and present solution architectures that align with customer objectives and regulatory environments.
- Articulate the cross-platform value of the Diligent One Platform and how it supports integrated Governance, Risk and Compliance (GRC) programs.
- Collaborate with Product teams by capturing and relaying customer and domain feedback on product enhancements.
- Independently run structured discovery sessions for your own opportunities, mapping requirements to Diligent solutions, defining POC/sandbox success criteria, and ensuring proposed solutions are implementation-ready, with guidance from senior SEs where needed.
- Co-lead selected marketing initiatives such as webinars, industry events, and thought-leadership content.
Domain Expertise
- Apply a solid working knowledge of compliance and governance concepts in customer discussions to frame challenges and guide solution design, with mentorship from senior SEs as you deepen your expertise.
- Maintain working familiarity with key regulatory and industry frameworks such as GDPR/CCPA, SOC 2, ISO, NIST, EU Directives (Whistleblower, AI, etc.), ABAC/AML, LkSG, as well as other relevant industry regulations.
- Build knowledge of core compliance functions, including Ethics & Compliance Programs, Policy & Training, Third-Party Risk Management, and Entity & Subsidiary Management.
Technical & Integration Fluency
- Maintain a strong working understanding of the Diligent platform, including core workflows, configuration options, reporting, and common integrations.
- Configure and maintain demo and sandbox environments, ensuring they reflect current product capabilities and common customer use cases.
- Confidently whiteboard end-to-end solution flows, data movements, and high-level architectures with both business and technical audiences, engaging senior SEs for deeper architectural or cross-pillar discussions.
Required Skills/Experience
- 1–3 years of experience in Ethics & Compliance, GRC, Legal (Corporate Compliance), or a related field, either in a customer-facing role or within industry.
- Experience working with SaaS solutions, including demonstrated experience independently delivering demos or evaluations for at least one solution area, or a strong track record of quickly ramping on new SaaS platforms.
- Strong presentation and communication skills, with the ability to simplify complex topics for non-technical audiences.
- Comfortable partnering with Sales and contributing to commercial outcomes as part of a broader account team.
- Curious, self-driven, and motivated to continuously deepen both technical and domain knowledge, with a growth mindset and openness to coaching and feedback.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
Staff Product Manager
Share this job
Hyperproof is hiring a Staff Product Manager to join our strong and growing team.
About us
Hyperproof is on a mission to transform the Governance, Risk, and Compliance (GRC) world with a powerful new software platform. With Hyperproof, companies can save time and money while also operating their programs at a much higher level of effectiveness and accountability. We envision a world where organizations we depend on are truly trustworthy - and Hyperproof is the platform that will get them there.
We have a great team and culture - picture yourself in a highly collaborative startup environment where you can make a real impact on something truly important. It’s an exciting time to be at Hyperproof; we raised our Series B round in 2023, validating our teamwork and company vision, and we continue to grow rapidly.
What you’ll do
In this role, you will work on scaling and building new features to meet growing demands in the GRC space. You will be responsible for ensuring seamless integration, and you will be empowered with the autonomy needed to drive successful outcomes and elevate the product’s value in collaborative environments. A key focus of this role is driving the development and enhancement of AI-powered features that meaningfully improve customer outcomes.
You’ll own the strategy, roadmap, and delivery of AI-driven features and enhancements which will achieve key customer outcomes in a dynamic environment in a fast evolving landscape. You’ll collaborate with key stakeholders, including customers, engineering, and design teams, to understand market needs, customer requirements, and integration opportunities.
- You’ll conduct in-depth market research and analysis to identify emerging trends, industry standards, and customer demands.
- You’ll monitor and analyze metrics, usage data, and customer feedback to identify areas for product improvement and build quick functional prototypes to validate new product ideas and improvements.
- You’ll represent Hyperproof as a subject matter expert in GRC in industry events and discussions.
- You’ll continuously act as the champion of our users and customers to ensure their needs are always a top priority!
HOW YOU’LL KNOW YOU ARE SUCCESSFUL
- Hundreds of companies, including well-known Fortune 500 customers, will use your feature to become more efficient and trustworthy
- Customers will post rave reviews on G2 mentioning your feature
- You will understand our customers' and partners' highly challenging needs and problems
- You will create insightful solutions that land well with customers.
- You will identify new areas of opportunity and propose new ways of approaching and solving problems.
- You will be a valuable team player who wants to grow and support others.
WHAT YOU’LL BRING
- 7+ years of experience in a product role and have scaled a product to enterprise customers
- Bachelor's degree in Computer Science, Engineering, Business, or a related field (or equivalent practical experience).
- Excellent communication skills - the ability to build alignment and clarity across both technical and non-technical audiences, including internal teams and customers/partners
- Demonstrated ability to gather and analyze customer feedback, market trends, and business requirements to inform product strategy and decision-making.
- Excellent communication skills with the ability to effectively collaborate with cross-functional teams, stakeholders, and customers.
- Strong problem-solving and analytical skills, with a data-driven and detail-oriented approach.
- Passion for delivering exceptional user experiences and customer value through integration solutions.
- Ability to thrive in a fast-paced, agile environment and manage multiple priorities simultaneously.
- Curiosity - someone who delves deep into the details to understand the root cause of problems, unexpected user behavior, etc.
- Team player - people around you do better work because of your enthusiasm, openness, and willingness to help out
Note: you must be currently authorized to work in the United States on a full-time basis.
WHAT WILL BE THE PLUS
- You have experience in the governance, risk, and compliance (GRC) or cybersecurity domain.
You have shipped AI enabled products in production
LOCATION
- We are a fully remote company! Rather than restrict ourselves to only finding talent in one city, we’d rather find the absolute best people regardless of where they live.
CANDIDATE EXPERIENCE
We respect your time and want to provide clarity on what to anticipate. For this interview process, we anticipate:
- A 30-minute initial chat with the People and Talent Partner
- 60 minute interview with the Hiring Manager
- An assessment round with closest business partners
- Individual conversations with 2-3 closest collaborators
WHERE YOU’LL GO
- Hyperproof also loves to see an internal transfer. If a linear career path is not what you’re looking for, you can work with your manager and our people team to explore lateral moves to other parts of the organization as you continue to grow with us.
WHAT WE OFFER TO OUR EMPLOYEES
Please note: Benefits listed below are for employees in the United States; contractor roles or international positions may differ
- Annual compensation reviews + equity
- Unlimited PTO: strongly encouraged to unplug and recharge
- Health: coverage for medical, dental, and vision - employee and dependents
- 401K, which vests immediately, complete with a 4% company match
- 12 weeks of Parental leave and 1 year free diapers and wipes with Honest
- Annual company in-person events and quarterly in-person connects
- $500 home office stipend - at the time of hire. Any additional home office needs are requested as needed.
- $100 quarterly paid wellness stipend
- Pet insurance discount
- Slack channel notifications turn off after 5 pm based on your time zone
- Two Hypercharge weeks of rest where we close company-wide (July & Dec)
It’s an exciting time to be at Hyperproof — we recently raised $40 million in our Series B financing, further cementing Hyperproof as the emerging leader in the risk and compliance management space.
At Hyperproof’s core are our passionate team members who focus on user experience, beautiful design, and evangelize a positive social impact of our cloud based platform. We help organizations streamline their risk and compliance workflows so our customers can spend more time strategically managing programs and less time wrangling spreadsheets.
We are disrupting the governance, risk, and compliance software space with our innovative platform by helping traditionally unsung heroes (compliance professionals) do the right things so the wrong things don’t happen.
Learn more about the @hyperproof culture and how it all started.
A NOTE ABOUT OUR INTERVIEW PROCESS
We’re committed to creating a fair, respectful, and secure hiring experience for everyone. As part of that commitment, we use standard verification steps throughout our interview process.
Here’s what that means for you:
- We may conduct routine verification checks during the hiring process.
- You might be asked additional questions to better understand your experience and background.
- For video interviews, we ask that candidates be on camera without filters or visual modifications.
These steps are applied consistently for all candidates and are designed to ensure an equitable experience for everyone.
EQUAL OPPORTUNITY EMPLOYER
Hyperproof is committed to a diverse and inclusive workplace — it’s one of our core values! Hyperproof is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our company is dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role, but your experience doesn't perfectly fit every qualification, we encourage you to apply anyway. You may be just the right person for this role or others.
To ensure a smooth interview process, all candidates will be required to provide a valid phone number that is not a VOIP (Voice Over Internet Protocol) number. This helps us maintain clear and reliable communication throughout your interview experience.
Ready to apply?
Apply to Hyperproof
Value Engineer
Share this job
Position Overview
Diligent is looking for an experienced Value Engineer to join the team and work on key accounts to develop opportunities for prospects and customers. This position will leverage our GTM, and value drivers established through combining people, process, and technology. This resource will command a path of ensuring any mutually agreed outcomes established with customers are built through rigorous adaptation to measurable success.
Through a balanced program of assessment, investigation, and value modelling these outcomes will be managed from inception to fruition via the Business Value Consulting program.
Key Responsibilities
- Develop and present clear and concise Business Cases and Value Assessments:
- Proven ability to unearth business requirements & Drivers.
- Proven ability to map business drivers & initiatives to technology offering & differentiators.
- Proven ability to articulate validated business value.
- Gathering and analyzing in-depth business, technical, and financial information to understand the baseline and future capability of the client proposition.
- Conducting gap analyses of clients’ current versus desired states, identifying specific opportunities for benefit realisation.
- Drive adoption and enablement of the business value framework across the wider Diligent ecosystem, supporting the teams on the customers end to end journey of sales through to customer success and value realization.
- Ability to review and support POCs, and project planning involving Diligent technologies to incorporate Proof of Value messaging.
- Active participation in thought leadership, creating whitepapers, industry specific GTM materials and leading internal initiatives.
- Delivers training for other Engineers as part of enablement efforts.
- Enablement of Presales and Sales organization around Value Based Selling deliverables, processes, and best practices.
- Articulates and evangelizes industry and business trends relevant to Diligent's go-to market strategy.
Required Experience/Skills
- Extensive experience in product management, with a strong background in developing and managing Data SaaS products.
- Excellent presentation, verbal, and written communication skills.
- Strong experience partnering with a sales force who follow a strict sales methodology (MEDDIC/MEDDPIC).
- Adaptive mindset and ability to drive out a meaningful path to how our customers see tangible business value.
- Able to provide clear analysis and modelling of ROI (Return of Investment) and TCO (Total Cost of Ownership) concepts to justify business cases.
- Ability to build relationships both internally and externally to understand the underpinning needs of Diligent in terms of delivering proposed business value.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation
AI Solution Architect
Share this job
The Team:
Our Business Applications and Analytics team plays a pivotal role in driving business success through data-driven decision-making and operational excellence. This dynamic team manages enterprise-wide applications, including ERP, CRM, and BI systems. By harnessing the power of data and advanced analytical tools, we provide valuable insights that inform strategic initiatives, optimize processes, and enhance overall performance.
Position Overview:
Diligent is ‘All-In’ on AI and is seeking a dynamic and strategic AI leader to join our team as an AI Solutions Architect. As part of the Business Applications and Analytics team, this crucial role is designed to accelerate our Internal AI capabilities across multiple business functions, including Marketing, GTM/Sales, Customer Success & Support, Finance, HR, Legal, and Product and Engineering teams.
The primary goal of this position is to identify, prototype, deploy, and scale AI technologies and solutions that drive greater operational efficiency and effectiveness. The ideal candidate will be a technically adept individual with business acumen, able to bridge the gap between robust technical implementations and business needs, with the ability to partner with various business leaders to spot and act on opportunities for AI-driven transformation and innovation.
Key Responsibilities:
- Partner with business leaders to understand challenges, identify AI opportunities, and implement effective AI/GenAI solutions.
- Lead the ideation, prototyping, deployment, and scaling of AI/GenAI technologies and agentic solutions tailored to business needs.
- Develop and communicate strategic frameworks and roadmaps for AI initiatives aligned with business goals.
- Champion best practices in AI/ML and GenAI development—including responsible AI, privacy, security, and ethical guidelines.
- Collaborate with cross-functional teams to integrate AI tools within core business processes, ensuring seamless, high-value adoption.
- Stay abreast of AI best practices, tools, and methodologies and introduce them to the organization.
- Drive AI and Data literacy across the company through training, workshops, and continuous education initiatives.
- Ensure compliance with data protection and privacy regulations in all AI implementations.
- Monitor and evaluate the performance and effectiveness of AI solutions and continually refine them.
- Collaborate with stakeholders to define and achieve key performance indicators (KPIs) and return on investment (ROI) for AI projects.
- Advocate and implement AI ethical guidelines and best practices.
Required Qualifications:
- Solid Foundations: Bachelor’s degree in Computer Science, AI/ML, Data Science, or a related technical field.
- Practical Tinkerer: 5+ years in a technical role (software, data, DevOps, etc.), with hands on experience building end-to-end prototypes using GenAI tools (GPTs, Hugging Face, open-source LLMs, LangChain, Scikit-learn, etc.).
- Curious Explorer: Demonstrates a hands-on approach to learning in prompt-engineering, fine-tuning, RAG pipelines, or API Integrations, with a commitment to rapid failure, iteration, and sharing findings.
- Data Wrangler: Possesses the ability to source, clean, and transform raw data, including spreadsheets, logs, APIs, or CRM exports, into structured inputs for AI experiments and prototypes.
- Code Crafter: Capable of writing scripts or small applications to connect models, cloud services, or data sources. Prior experience with TensorFlow, PyTorch, Azure, AWS, or GCP is beneficial, but willingness to learn is equally important.
- Business Translator: Experienced as a technical sales engineer or solutions consultant, capable of turning AI experiments into compelling stories and metrics that resonate with non-technical stakeholders.
- Responsible AI Mindset: Demonstrated experience in addressing privacy, security, bias, and ethics in professional work, with a strong familiarity with industry-specific data privacy, AI ethics, and compliance requirements.
- Team Player: Essential qualities include clear communication and a growth mindset, as you will collaborate with marketers, sales professionals, engineers and leaders.
Preferred Qualifications:
- Demonstrates strong knowledge of AI use cases, including NLP, computer vision, data analytics, predictive modelling, and translating technical capabilities into business value, along with proficiency in large language models (LLMs), prompt engineering, RAG architectures, MLOps, LLMOps, and GenAI application deployment.
- Advanced programming and data engineering skills, with Python preferred, and experience in cloud-based AI solutions (AWS, GCP, Azure).
- Ability to architect and deploy enterprise-scale AI solutions, collaborating across sales, product, and implementation teams to ensure adoption and measurable ROI.
- Strategic thinker with strong analytical and problem-solving skills, capable of driving measurable business outcomes through AI/GenAI.
About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
Learn more at diligent.com or follow us on LinkedIn and Facebook
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Ready to apply?
Apply to Diligent Corporation