Director - GRC
*This is a remote position that must be based in the United States.
What You'll Be Doing
Strategic Leadership & Executive Engagement
Define and execute Tines' multi-year GRC strategy aligned with business objectives and market expansion goals
Own the compliance roadmap, prioritizing certifications and frameworks based on customer needs and revenue impact (FedRAMP, ISO 27001, SOC 2, GDPR, CCPA, etc.)
Serve as executive sponsor for all compliance programs, providing visibility and reporting to C-suite and Board of Directors
Build business cases for compliance investments, demonstrating ROI and competitive advantage
Monitor evolving compliance landscape, anticipating regulatory changes and translating requirements into actionable programs
Team Leadership & Organizational Development
Lead, mentor, and grow a team of GRC professionals, establishing career development paths and performance metrics
Scale the team strategically as Tines grows, hiring specialized roles as needed (GRC engineers, compliance analysts, etc.)
Foster cross-functional collaboration with Engineering, Product, Sales, Legal, IT, Security, and HR teams
Embed compliance champions across the organization and build a culture of excellence within the GRC function
FedRAMP & Federal Compliance Programs
Drive Tines' FedRAMP authorization to successful completion, overseeing gap remediation, documentation, and 3PAO engagement
Establish ongoing FedRAMP continuous monitoring and reauthorization processes
Build relationships with government stakeholders, agencies, and partners to support federal market expansion
Develop strategy for any future Federal requirements (DoD IL4/IL5, CMMC, StateRAMP) as business needs evolve
Compliance Program Management & Risk Governance
Maintain and optimize SOC 2 Type II compliance, ensuring efficient audit cycles and continuous control effectiveness
Lead ISO 27001 audits and other framework expansions
Establish and mature vendor risk management, third-party risk assessment, and supply chain security programs
Implement enterprise risk management processes, including risk registers, treatment plans, and executive risk reporting
Own the information security policy framework, ensuring alignment with regulatory requirements and business needs
Manage relationships with external auditors, 3PAOs, and assessors across all compliance programs
Customer Trust, Assurance & Market Positioning
Own the customer security assurance experience, including questionnaire responses, audit coordination, and Trust Center management
Partner with Sales and Customer Success to support enterprise deals requiring compliance evidence and security reviews
Build scalable processes to handle increasing volume of security assessments and due diligence requests
Represent Tines externally at customer meetings, industry events, and with auditors, positioning Tines as a compliance leader
Compliance Automation & Innovation
Champion the use of Tines' platform to automate compliance workflows, evidence collection, control testing, and reporting
Build a 'compliance-as-code' culture, treating compliance operations as a product with continuous improvement
Establish metrics and dashboards for real-time compliance posture visibility
Serve as an internal advocate and external case study for how automation transforms GRC
What You Bring With You
Required
12+ years of progressive experience in GRC, information security, or risk management, with at least 5 years in a leadership role
Proven track record leading FedRAMP authorization efforts from planning through ATO (Authority to Operate)
Deep expertise in multiple compliance frameworks: SOC 2, ISO 27001, FedRAMP, NIST 800-53
Experience building and scaling GRC teams and programs in high-growth SaaS or technology companies
Strong executive presence with ability to influence C-suite and Board-level stakeholders
Demonstrated success managing complex, multi-workstream compliance programs with competing priorities
Exceptional communication skills with the ability to translate technical compliance requirements into business value for diverse audiences
Strategic mindset with hands-on execution capability; comfortable rolling up sleeves while setting long-term vision
Experience partnering with Sales, Engineering, Product, and Legal teams to operationalize compliance
Preferred
Industry certifications such as CISSP, CISA, CISM, or CRISC
Experience achieving FedRAMP authorization for a SaaS platform (bonus for Moderate or High impact levels)
Background in compliance automation, GRC tooling, or security orchestration
Experience with privacy regulations and programs (GDPR, CCPA, data governance)
Knowledge of cloud security architecture and controls (AWS, Azure, GCP)
Prior experience in a startup or hypergrowth environment (Series B-D stage)
Familiarity with DevSecOps, infrastructure-as-code, and modern engineering practices
Experience using or implementing workflow automation platforms
Active participation in industry groups (CSA, FedRAMP PMO community, etc.)
Target Annual Compensation: $250-265K
Applicants for this opportunity must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.
#LI-SW1
About the job
Apply for this position
Director - GRC
*This is a remote position that must be based in the United States.
What You'll Be Doing
Strategic Leadership & Executive Engagement
Define and execute Tines' multi-year GRC strategy aligned with business objectives and market expansion goals
Own the compliance roadmap, prioritizing certifications and frameworks based on customer needs and revenue impact (FedRAMP, ISO 27001, SOC 2, GDPR, CCPA, etc.)
Serve as executive sponsor for all compliance programs, providing visibility and reporting to C-suite and Board of Directors
Build business cases for compliance investments, demonstrating ROI and competitive advantage
Monitor evolving compliance landscape, anticipating regulatory changes and translating requirements into actionable programs
Team Leadership & Organizational Development
Lead, mentor, and grow a team of GRC professionals, establishing career development paths and performance metrics
Scale the team strategically as Tines grows, hiring specialized roles as needed (GRC engineers, compliance analysts, etc.)
Foster cross-functional collaboration with Engineering, Product, Sales, Legal, IT, Security, and HR teams
Embed compliance champions across the organization and build a culture of excellence within the GRC function
FedRAMP & Federal Compliance Programs
Drive Tines' FedRAMP authorization to successful completion, overseeing gap remediation, documentation, and 3PAO engagement
Establish ongoing FedRAMP continuous monitoring and reauthorization processes
Build relationships with government stakeholders, agencies, and partners to support federal market expansion
Develop strategy for any future Federal requirements (DoD IL4/IL5, CMMC, StateRAMP) as business needs evolve
Compliance Program Management & Risk Governance
Maintain and optimize SOC 2 Type II compliance, ensuring efficient audit cycles and continuous control effectiveness
Lead ISO 27001 audits and other framework expansions
Establish and mature vendor risk management, third-party risk assessment, and supply chain security programs
Implement enterprise risk management processes, including risk registers, treatment plans, and executive risk reporting
Own the information security policy framework, ensuring alignment with regulatory requirements and business needs
Manage relationships with external auditors, 3PAOs, and assessors across all compliance programs
Customer Trust, Assurance & Market Positioning
Own the customer security assurance experience, including questionnaire responses, audit coordination, and Trust Center management
Partner with Sales and Customer Success to support enterprise deals requiring compliance evidence and security reviews
Build scalable processes to handle increasing volume of security assessments and due diligence requests
Represent Tines externally at customer meetings, industry events, and with auditors, positioning Tines as a compliance leader
Compliance Automation & Innovation
Champion the use of Tines' platform to automate compliance workflows, evidence collection, control testing, and reporting
Build a 'compliance-as-code' culture, treating compliance operations as a product with continuous improvement
Establish metrics and dashboards for real-time compliance posture visibility
Serve as an internal advocate and external case study for how automation transforms GRC
What You Bring With You
Required
12+ years of progressive experience in GRC, information security, or risk management, with at least 5 years in a leadership role
Proven track record leading FedRAMP authorization efforts from planning through ATO (Authority to Operate)
Deep expertise in multiple compliance frameworks: SOC 2, ISO 27001, FedRAMP, NIST 800-53
Experience building and scaling GRC teams and programs in high-growth SaaS or technology companies
Strong executive presence with ability to influence C-suite and Board-level stakeholders
Demonstrated success managing complex, multi-workstream compliance programs with competing priorities
Exceptional communication skills with the ability to translate technical compliance requirements into business value for diverse audiences
Strategic mindset with hands-on execution capability; comfortable rolling up sleeves while setting long-term vision
Experience partnering with Sales, Engineering, Product, and Legal teams to operationalize compliance
Preferred
Industry certifications such as CISSP, CISA, CISM, or CRISC
Experience achieving FedRAMP authorization for a SaaS platform (bonus for Moderate or High impact levels)
Background in compliance automation, GRC tooling, or security orchestration
Experience with privacy regulations and programs (GDPR, CCPA, data governance)
Knowledge of cloud security architecture and controls (AWS, Azure, GCP)
Prior experience in a startup or hypergrowth environment (Series B-D stage)
Familiarity with DevSecOps, infrastructure-as-code, and modern engineering practices
Experience using or implementing workflow automation platforms
Active participation in industry groups (CSA, FedRAMP PMO community, etc.)
Target Annual Compensation: $250-265K
Applicants for this opportunity must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.
#LI-SW1