CloudZero
Office of CTO
GRCManager
“GRC Manager at CloudZero. Skills: governance, risk, and compliance programs, audit and certification programs, enterprise risk assessments, risk register, business continuity and disaster recovery programs, third-party risk management processes, security awareness training program, security questionnaire and assessment process, security and data privacy language in contracts, trust center maintenance. Own and scale our governance, risk, and compliance programs across the organization. Design and”
What You'll Achieve.
- protects CloudZero’s interests
- earns customer trust
- gives the business the confidence to move quickly
- drive successful outcomes
- ensuring they’re current, practical, and embedded into how teams actually operate
- risk-informed decision-making happens at every level of the organization
- ensuring operational preparedness when it matters most
- ensuring CloudZero meets its obligations under GDPR, CCPA, and other applicable requirements
- validate that controls are working as intended
- makes high-quality responses fast and repeatable
- protect CloudZero’s interests while keeping deals on track
- reducing manual effort and accelerating deal cycles without sacrificing quality
- drive compliance goals and outcomes
Industry & Context.
- Hybrid role with an expectation of in-office presence 2–3 days per week
- All job offers are contingent upon the candidate passing background and reference checks
What They're Looking For.
Must Have
- 5+ years of experience in governance, risk, and/or compliance roles
- Proven experience building or significantly maturing a GRC program, with direct, hands-on involvement in SOC 2 or similar certification audits
- Working knowledge of established risk management frameworks such as COSO, ISO 31000, or NIST RMF
- Solid understanding of GDPR, CCPA, and how data privacy obligations translate into practical controls and policies
- Communicator who can make risk and compliance topics accessible and actionable for technical teams, business partners, and senior leadership alike
- Ability to drive initiatives from scoping through completion while keeping multiple workstreams moving in a fast-paced environment
- A business-enabling mindset
Nice to Have
- Prior experience at a SaaS technology startup
- Hands-on technical experience with GCP, AWS, or Azure from a security and compliance lens
- Experience working with Vanta or Drata for continuous compliance monitoring and automation
- Experience with security questionnaire automation tools such as Loopio, Iris, or similar solutions
- Professional certifications such as CRISC, CISA, CISM, CISSP, or CIPP
- Familiarity with security frameworks including NIST CSF, CIS Controls, or OWASP
- Proven ability to partner cross-functionally across departments to drive compliance goals and outcomes
- Curiosity and enthusiasm for leveraging AI tools (such as Claude, Claude Code, or similar) to work smarter, automate repetitive tasks, and continuously find new ways to drive efficiency across the GRC function
What You'll Do.
- Own and scale our governance, risk, and compliance programs across the organization
- Design and operate a comprehensive GRC framework spanning governance structures, enterprise risk management, and compliance programs
- Own audit and certification programs including SOC 2 and other relevant standards
- Own the development, maintenance, and ongoing improvement of CloudZero’s security and privacy policies and procedures
- Lead regular enterprise risk assessments and maintain a living risk register
- Serve as a key stakeholder in building CloudZero’s AI Governance & Strategic Risk strategy
- Take full ownership of business continuity and disaster recovery programs
- Build and manage third-party risk management processes
- Track regulatory developments alongside the Legal team
- Manage the company’s security awareness training program and run internal audits
- Own the security questionnaire and assessment process
- Review and redline security and data privacy language in customer and prospect contracts
- Build and maintain a library of pre-approved security responses and contract language
- Actively identify and implement tooling to automate questionnaire responses and security review workflows
- Maintain and continuously improve CloudZero’s trust center
- Partner with Sales Engineering and Solutions teams to address security and compliance requirements early in the sales cycle
How You'll Work.
Team & Collaboration
- Partner closely with Legal, Engineering, Product, Sales, and G&A
- Coordinate across internal teams and third-party auditors
- Work closely with Legal
- Partner with Sales Engineering and Solutions teams
Communication Scope
communicator who can make risk and compliance topics accessible and actionable for technical teams, business partners, and senior leadership alike
Process & Methodology
Ability to drive initiatives from scoping through completion while keeping multiple workstreams moving in a fast-paced environment
Full Job Description
ABOUT THE ROLE

CloudZero is growing fast. Our customer base is expanding, the regulatory and risk landscape is getting more complex, and the business needs a GRC function that can keep pace. As the GRC Manager at CloudZero, you’ll own and scale our governance, risk, and compliance programs across the organization. Reporting to the Sr. Director of IT & Security within the Office of the CTO organization, you’ll partner closely with Legal, Engineering, Product, Sales, and G&A to build a GRC function that protects CloudZero’s interests, earns customer trust, and gives the business the confidence to move quickly.

This is a high-impact, highly cross-functional role. You’ll be as comfortable presenting a risk register to leadership as you are helping a sales team close a deal with the right compliance documentation.

This is a hybrid role with an expectation of in-office presence 2–3 days per week.

WHAT YOU’LL DO

DESIGN AND OPERATE THE GRC FRAMEWORK
- Design and operate a comprehensive GRC framework spanning governance structures, enterprise risk management, and compliance programs that grows alongside CloudZero’s business
- Own audit and certification programs including SOC 2 and other relevant standards, coordinating across internal teams and third-party auditors to drive successful outcomes
- Own the development, maintenance, and ongoing improvement of CloudZero’s security and privacy policies and procedures, ensuring they’re current, practical, and embedded into how teams actually operate
- Lead regular enterprise risk assessments, maintain a living risk register, and create an environment where risk-informed decision-making happens at every level of the organization

GOVERNANCE, RISK & BUSINESS CONTINUITY
- Serve as a key stakeholder in building CloudZero’s AI Governance & Strategic Risk strategy
- Take full ownership of business continuity and disaster recovery programs, including program design, documentation, regular testing cycles, and tabletop exercises — ensuring