Governance, Risk & Compliance (GRC) Manager
Sigma Computing is seeking an experienced GRC Manager to lead and scale its governance, risk, and compliance programs. Based in Sigma's San Francisco office (a New York office option also exists) and reporting to the General Counsel, this role builds a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk.
The GRC Manager partners with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework, maturing governance structures, implementing scalable risk management processes, and ensuring compliance with applicable regulatory requirements. Governance duties include designing governance frameworks, establishing enterprise policies, and building a governance committee structure; risk duties include operating an Enterprise Risk Management program, maintaining a dynamic risk register, business continuity/disaster recovery, and third-party risk management.
On the compliance side, the role owns audit and certification programs including SOC 2, ISO 27001, and HIPAA, maintains compliance monitoring, manages security awareness training, and conducts internal audits. The role also enables the business by supporting sales with security questionnaires, trust center content, and ready-to-use compliance artifacts.
Qualifications
- 4+ years of relevant GRC experience
- Experience designing and implementing governance frameworks and enterprise policies
- Hands-on experience operating an Enterprise Risk Management program and risk register
- Ownership of audit/certification programs such as SOC 2, ISO 27001, and HIPAA
- Experience with third-party/vendor risk management and business continuity/disaster recovery