Description:

The Assurance, Risk, and Compliance (“ARC”) Initiatives team at MongoDB owns the strategy, governance, and delivery of our most critical cross-functional risk and compliance initiatives. We design and execute programs that support compliance audits, risk assessments, employee awareness and enablement, and the implementation of common control frameworks, along with consistent operating cadences that align key stakeholders, accelerate decision making, and drive the execution of initiatives that reinforce MongoDB’s assurance, risk management, and compliance objectives. We define and track key metrics and deliver clear and timely, executive reporting to provide transparency, measure progress, and ensure lasting operational resilience and governance.

We serve as the central coordination point for ARC-wide initiatives, connecting Product, Engineering, Security, and Legal teams around clear priorities, milestones, and outcomes. Our focus is on building scalable governance structures, defining decision-making frameworks, and establishing repeatable ways of working so that complex efforts can be executed consistently across the team.

The Policy Program Manager is a mid-to-senior level individual contributor role responsible for leading the development and operationalization of policies and procedures aligned to established control frameworks. You will drive end-to-end ownership of policy lifecycle management, from drafting and review through implementation and ongoing maintenance, while coordinating inputs across teams to ensure accuracy, consistency, and adoption. Additionally, you will lead documentation standardization efforts, facilitate stakeholder reviews, and perform gap analyses to continuously strengthen and mature our ARC policy framework.

Responsibilities:

• Lead the end-to-end execution of company-wide compliance programs, including the annual security policy and procedure review cycle
• Design and implement scalable frameworks for policy lifecycle management (creation, review, approval, publication, and retirement)
• Establish standards, templates, and governance processes to ensure consistency and clarity across all compliance documentation
• Maintain a centralized, audit-ready repository for policies, procedures, and supporting artifacts
• Act as the primary point of contact for cross-functional teams (HR, Legal, Engineering, Product)
• Drive alignment, gather inputs, and ensure timely completion of policy updates and compliance deliverables
• Ensure policies and procedures align with regulatory, security, and internal control requirements
• Support internal and external audits by maintaining complete, accurate, and accessible documentation
• Translate audit findings and regulatory changes into actionable policy program updates
• Maintain the integrity of project-specific Jira boards and Confluence pages. Ensure all project artifacts are organized, up-to-date, and ready for leadership review or external audit
• Develop and maintain dashboards to report on program health, completion rates, and obstacles. Present status updates and metrics to leadership
• Evaluate existing program workflows and implement improvements to increase efficiency, reduce manual effort, and improve the stakeholder experience

Requirements:

• 5-8 years of program management experience, ideally within an Information Security or high-growth technology environment
• Experience creating and managing policy and procedure programs or governance frameworks
• Deep understanding of security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, NIST CSF)
• Strong proficiency in managing full-lifecycle projects, including scoping, planning, risk mitigation, and change control
• Advanced experience with Jira and Confluence, including the ability to build custom dashboards and manage complex documentation repositories
• Maintain and support a GRC/policy management platform to ensure consistent policy administration and system usability
• Excellent interpersonal skills with the ability to hold cross-functional stakeholders accountable to deadlines in a professional and effective manner
• Exceptional attention to detail and the ability to manage multiple overlapping priorities without losing sight of milestones
• A proactive, self-directed approach to work. You enjoy taking ownership of a program and building the structure necessary for its success

Responsibilities & Expectations

• You are expected to be the owner of your assigned programs. While you will work closely with technical SMEs, you are responsible for the logistical success of the workstream. Your success is measured by the timely completion of program goals, the clarity of your reporting, and your ability to anticipate and resolve project bottlenecks
• You don't just track tasks; you own the success of the program

Scope & Complexity

• The scope is horizontal and impacts multiple departments across MongoDB
• Managing complex programs that require coordination with various business units, ensuring that project delays in one area do not derail the overall compliance roadmap

Authority & Impact

• You have the authority to manage the timelines and execution steps of your assigned programs
• Your impact is reflected in the strength of policy program management and organizational readiness you drive; by overseeing and coordinating these workstreams, you ensure the Compliance team consistently meets foundational policy requirements and aligns with external audit expectations

Expertise

• You will develop deep expertise in compliance and audit operations
• You will become the go-to resource for designing, scaling, and executing policy and compliance programs within a cloud-first organization. This role is responsible for independently and collaboratively developing and managing policies and procedures, with a strong understanding of compliance frameworks and the ability to interpret and operationalize control requirements

Leadership

• Leadership in this role is demonstrated through influence and mentorship. While you may not have direct reports, you will guide cross-functional teams in developing and standardizing policies/supporting documentation, as well as provide mentorship on policy governance, standardized documentation practices, and compliance alignment

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

REQ ID: 1273402887

Sr Manager, InfoSec Governance Risk and Compliance (GRC)

(San Francisco Bay Area, California, United States)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

COMPANY OVERVIEW

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. 

We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. 

Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.

THE OPPORTUNITY

CONTEXT:

Our InfoSec team is dedicated to building, maintaining, and continuously improving Ivalua’s Information Security program globally. We provide peace of mind and assurance of protection and safety to our customers. In this fast-growing environment, the GRC program is critical to ensuring compliance with industry standards and certifications, managing risks, and supporting business growth.

ROLE:

We are currently looking for an experienced InfoSec Governance Risk and Compliance (GRC) Sr Manager to lead a global team and own the GRC program worldwide. Reporting to the InfoSec leadership, you will manage and develop a high-performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.

WHAT YOU WILL DO WITH US

• Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
• Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
• Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
• Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
• Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
• Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua’s security posture to prospects and customers.
• Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
• Lead the Security Awareness and Training program to promote a culture of security across the organization.
• Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
• Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
• Develop, maintain, and enforce InfoSec policies, standards, and plans.

YOUR PROFILE

If you have the below experience and strengths this role could be for you:

Skills and Experience:

• At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.). 
• At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team
• Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
• Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
• Excellent project management, analytical, and problem-solving skills with keen attention to detail.
• Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
• Self-motivated with a high degree of initiative and ability to work independently.
• Ability to handle multiple competing priorities and deadlines efficiently.
• Bachelor’s degree in related field preferred or equivalent experience with proven skills

Soft Skills:

• Excellent interpersonal, communication, and organizational skills.
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• High degree of initiative, dependable, and able to work well with limited supervision.

WHAT HAPPENS NEXT

If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today!

Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you!

Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role.

Interviews will be conducted virtually via video or on-site with face-to-face meetings.

LIFE AT IVALUA

• Hybrid working model (3 days in the office per week)
• We're a team dedicated to pushing the boundaries of product innovation and technology
• Sustainable Growth, Privately Held
• A stable and cash-flow positive Company since 10 years
• Snacks and weekly lunches in the office
• Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity
• Unlock and unleash your full professional potential with our exceptional training and career development program
• Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued
• Regular social events, competitive outings, team running events, and musical activities,
• Comparably recognized Ivalua for the following (https://www.comparably.com/companies/ivalua) : 

Powered by People - Powered by You!

United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/

Experience life at Ivalua - check out our captivating video! Gain insight into our unique company culture and get a glimpse of what it's like to work with us.

Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.

The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.

Title: Manager, InfoSec Governance Risk and Compliance (GRC)

Range minimum: USD 112000

Range maximum: USD 208000

Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation.

#LI-SG1

#LI-HYBRID

Sr Manager, InfoSec Governance Risk and Compliance (GRC)(Pittsburgh, Pennsylvania, US)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

COMPANY OVERVIEW

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. 

We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. 

Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.

THE OPPORTUNITY

CONTEXT:

Our InfoSec team is dedicated to building, maintaining, and continuously improving Ivalua’s Information Security program globally. We provide peace of mind and assurance of protection and safety to our customers. In this fast-growing environment, the GRC program is critical to ensuring compliance with industry standards and certifications, managing risks, and supporting business growth.

ROLE:

We are currently looking for an experienced InfoSec Governance Risk and Compliance (GRC) Sr Manager to lead a global team and own the GRC program worldwide. Reporting to the InfoSec leadership, you will manage and develop a high-performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.

WHAT YOU WILL DO WITH US

• Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
• Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
• Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
• Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
• Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
• Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua’s security posture to prospects and customers.
• Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
• Lead the Security Awareness and Training program to promote a culture of security across the organization.
• Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
• Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
• Develop, maintain, and enforce InfoSec policies, standards, and plans.

YOUR PROFILE

If you have the below experience and strengths this role could be for you:

Skills and Experience:

• At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.).
• At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team
• Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
• Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
• Excellent project management, analytical, and problem-solving skills with keen attention to detail.
• Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
• Self-motivated with a high degree of initiative and ability to work independently.
• Ability to handle multiple competing priorities and deadlines efficiently.
• Bachelor’s degree in related field preferred or equivalent experience with proven skills

Soft Skills:

• Excellent interpersonal, communication, and organizational skills.
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• High degree of initiative, dependable, and able to work well with limited supervision.

WHAT HAPPENS NEXT

If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today!

Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you!

Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role.

Interviews will be conducted virtually via video or on-site with face-to-face meetings.

LIFE AT IVALUA

• Hybrid working model (3 days in the office per week)
• We're a team dedicated to pushing the boundaries of product innovation and technology
• Sustainable Growth, Privately Held
• A stable and cash-flow positive Company since 10 years
• Snacks and weekly lunches in the office
• Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity
• Unlock and unleash your full professional potential with our exceptional training and career development program
• Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued
• Regular social events, competitive outings, team running events, and musical activities,
• Comparably recognized Ivalua for the following (https://www.comparably.com/companies/ivalua) : 

Powered by People - Powered by You!

United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/

Experience life at Ivalua - check out our captivating video! Gain insight into our unique company culture and get a glimpse of what it's like to work with us.

Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.

The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.

Title: Manager, InfoSec Governance Risk and Compliance (GRC)

Range minimum: USD 112000

Range maximum: USD 208000

Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation.

#LI-SG1

#LI-HYBRID

Sr Manager, InfoSec Governance Risk and Compliance (GRC)(New York City, New York, United States)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

COMPANY OVERVIEW

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. 

We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. 

Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.

THE OPPORTUNITY

CONTEXT:

Our InfoSec team is dedicated to building, maintaining, and continuously improving Ivalua’s Information Security program globally. We provide peace of mind and assurance of protection and safety to our customers. In this fast-growing environment, the GRC program is critical to ensuring compliance with industry standards and certifications, managing risks, and supporting business growth.

ROLE:

We are currently looking for an experienced InfoSec Governance Risk and Compliance (GRC) Sr Manager to lead a global team and own the GRC program worldwide. Reporting to the InfoSec leadership, you will manage and develop a high-performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.

WHAT YOU WILL DO WITH US

• Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
• Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
• Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
• Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
• Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
• Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua’s security posture to prospects and customers.
• Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
• Lead the Security Awareness and Training program to promote a culture of security across the organization.
• Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
• Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
• Develop, maintain, and enforce InfoSec policies, standards, and plans.

YOUR PROFILE

If you have the below experience and strengths this role could be for you:

Skills and Experience:

• At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.).
• At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team
• Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
• Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
• Excellent project management, analytical, and problem-solving skills with keen attention to detail.
• Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
• Self-motivated with a high degree of initiative and ability to work independently.
• Ability to handle multiple competing priorities and deadlines efficiently.
• Bachelor’s degree in related field preferred or equivalent experience with proven skills

Soft Skills:

• Excellent interpersonal, communication, and organizational skills.
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• High degree of initiative, dependable, and able to work well with limited supervision.

WHAT HAPPENS NEXT

If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today!

Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you!

Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role.

Interviews will be conducted virtually via video or on-site with face-to-face meetings.

LIFE AT IVALUA

• Hybrid working model (3 days in the office per week)
• We're a team dedicated to pushing the boundaries of product innovation and technology
• Sustainable Growth, Privately Held
• A stable and cash-flow positive Company since 10 years
• Snacks and weekly lunches in the office
• Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity
• Unlock and unleash your full professional potential with our exceptional training and career development program
• Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued
• Regular social events, competitive outings, team running events, and musical activities,
• Comparably recognized Ivalua for the following (https://www.comparably.com/companies/ivalua) : 

Powered by People - Powered by You!

United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/

Experience life at Ivalua - check out our captivating video! Gain insight into our unique company culture and get a glimpse of what it's like to work with us.

Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.

The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.

Title: Manager, InfoSec Governance Risk and Compliance (GRC)

Range minimum: USD 112000

Range maximum: USD 208000

Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation.

#LI-SG1

#LI-HYBRID