Remote GRC Manager
ARCHIVED
We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.
Mattermost is the leading collaborative workflow platform for defense, intelligence, security, and critical infrastructure. Trusted by the U.S. Department of War and Fortune 500s, our platform runs on-premises and in private clouds, delivering secure messaging, file sharing, workflow automation, audio/screenshare, and project management—all with full data and operational control. Mattermost powers high-stakes workflows across mission planning, real-time, real-world operations, DevSecOps, incident response, and cyber defense—enabling secure collaboration from tactical edge and DDIL environments to enterprise HQ. Teams operate across web, desktop, and mobile, with embedded interoperability for Microsoft Teams, Outlook, and Microsoft 365.To learn more, visit www.mattermost.comMattermost is hiring a GRC Manager to own and modernize our governance, risk, and compliance program across both federal and commercial markets.This is a program-ownership role for someone who brings a modern, engineering-led approach to compliance — harnessing GRC engineering and AI to reduce manual effort and scale our programs. You will own Mattermost's compliance posture end to end, accountable for our federal readiness and commercial certifications, and you will modernize how we run them: automated, continuously monitored, and AI-native.You will do the hands-on compliance work while coordinating across internal stakeholders in engineering, infrastructure, and IT who implement controls, the external auditors who assess them, and the customers whose trust rests on the outcome. As the program scales, you will grow and lead the team behind it.What You'll DoOwn and modernize Mattermost's compliance programs across federal and commercial marketsLead readiness, certification, and surveillance cycles across both programsOperate the risk management program end to end — from identification and assessment through treatment and acceptanceOwn the third-party and vendor risk management program, including security assessments and supply chain riskApply GRC engineering and automation to replace manual evidence collection with continuous controls monitoringBuild AI-native workflows to accelerate and improve the quality of recurring compliance workMaintain the control library, system security plans, POA&Ms, and policiesCoordinate external audits from scoping through remediationAccelerate deal cycles by owning customer security questionnaires, trust center content, and reusable compliance artifactsGrow and lead the GRC team as the program scalesWhat We're Looking ForBachelor's degree in computer science, information security, or related field — or significant professional GRC and compliance experienceProven senior-level experience in governance, risk, and compliance, security compliance, or IT audit, including direct ownership of a certification or authorization programExperience with U.S. Federal standards including CMMC and NIST series (800-171 / 800-53)Experience with ISO 27001 and SOC 2 Type IIExperience operating a formal risk management programExperience running a third-party and vendor risk management programExperience owning customer-facing security assurance, including security questionnaires and trust center contentWorking knowledge of security controls for cloud environments (AWS, GCP, and/or Azure)Excellent written and verbal communication skillsNice to HaveProfessional GRC certifications such as CISA, CRISC, CISM, CISSP, or CIPPExperience working with AI platforms such as Claude, OpenAI, or GeminiExperience with compliance automation tooling such as Vanta or Drata, and continuous controls monitoringDirect experience applying AI or LLM-based workflows to GRC tasksProficiency in no-code automation or scripting languagesPast success in critical infrastructure industries including defense, cybersecurity, communications, or manufacturingHow Success Is MeasuredCMMC Level 2 gap assessment and readiness roadmap delivered within first 90 daysSOC 2 Type II and ISO 27001 audit cycles completed on time without slippageManual evidence collection replaced with automated, continuously monitored controlsCustomer security questionnaires and trust center content maintained to unblock deal cyclesGRC team grown and operating as a scalable, program-driven functionWhy MattermostMission-driven work: Your contributions directly support the organizations and missions that depend on secure, reliable collaborationRemote-first culture: Work from anywhere with a globally distributed, high-trust team built for autonomy and ownershipOpen source at the core: Be part of a vibrant developer community shaping the future of secure collaborationAI-forward environment: We actively adopt and build AI-enabled workflows — you'll work with and on cutting-edge toolingUnique scope: Own the compliance program end to end across both federal and commercial markets at a high-growth Series B companyCompensationMattermost takes a market-based approach to pay. Actual compensation may vary based on location, skills, experience, qualifications, and market conditions.Target Salary Range: $139,254-$168,318U.S. Eligibility & ComplianceThis role requires U.S. citizenship. Candidates must be located in the United States and eligible to obtain and maintain a U.S. government security clearance. For more information visit Security Clearances — United States Department of StateApplicants must meet eligibility requirements for access to export-controlled information as defined by U.S. export control laws, including EAR and ITAR. For more information visit the Bureau of Industry and Security and the Directorate of Defense Trade Controls.Mattermost is an EEO Employer, we are a remote-first, open-source company.We are continually working to expand our hiring in more countries and regions, ensuring compliance with local laws and regulations, which takes time.Mattermost values your unique perspective—we welcome all applicants. We encourage individuals from all backgrounds to apply and are committed to assessing candidates based on their skills and qualifications. We do not tolerate discrimination against staff or applicants based on race, religion, national origin, age, disability, pregnancy status, veteran status, or other personal characteristics.If you require accommodations during the interview process, please let us know—we're happy to assist.