Director, GRC

*This is a remote position that must be based in the United States.

What You'll Be Doing

Strategic Leadership & Executive Engagement

• Define and execute Tines' multi-year GRC strategy aligned with business objectives and market expansion goals
• Own the compliance roadmap, prioritizing certifications and frameworks based on customer needs and revenue impact (FedRAMP, ISO 27001, SOC 2, GDPR, CCPA, etc.)
• Serve as executive sponsor for all compliance programs, providing visibility and reporting to C-suite and Board of Directors
• Build business cases for compliance investments, demonstrating ROI and competitive advantage
• Monitor evolving compliance landscape, anticipating regulatory changes and translating requirements into actionable programs

Team Leadership & Organizational Development

• Lead, mentor, and grow a team of GRC professionals, establishing career development paths and performance metrics
• Scale the team strategically as Tines grows, hiring specialized roles as needed (GRC engineers, compliance analysts, etc.)
• Foster cross-functional collaboration with Engineering, Product, Sales, Legal, IT, Security, and HR teams
• Embed compliance champions across the organization and build a culture of excellence within the GRC function

FedRAMP & Federal Compliance Programs

• Drive Tines' FedRAMP authorization to successful completion, overseeing gap remediation, documentation, and 3PAO engagement
• Establish ongoing FedRAMP continuous monitoring and reauthorization processes
• Build relationships with government stakeholders, agencies, and partners to support federal market expansion
• Develop strategy for any future Federal requirements (DoD IL4/IL5, CMMC, StateRAMP) as business needs evolve

Compliance Program Management & Risk Governance

• Maintain and optimize SOC 2 Type II compliance, ensuring efficient audit cycles and continuous control effectiveness
• Lead ISO 27001 audits and other framework expansions
• Establish and mature vendor risk management, third-party risk assessment, and supply chain security programs
• Implement enterprise risk management processes, including risk registers, treatment plans, and executive risk reporting
• Own the information security policy framework, ensuring alignment with regulatory requirements and business needs
• Manage relationships with external auditors, 3PAOs, and assessors across all compliance programs

Customer Trust, Assurance & Market Positioning

• Own the customer security assurance experience, including questionnaire responses, audit coordination, and Trust Center management
• Partner with Sales and Customer Success to support enterprise deals requiring compliance evidence and security reviews
• Build scalable processes to handle increasing volume of security assessments and due diligence requests
• Represent Tines externally at customer meetings, industry events, and with auditors, positioning Tines as a compliance leader

Compliance Automation & Innovation

• Champion the use of Tines' platform to automate compliance workflows, evidence collection, control testing, and reporting
• Build a "compliance-as-code" culture, treating compliance operations as a product with continuous improvement
• Establish metrics and dashboards for real-time compliance posture visibility
• Serve as an internal advocate and external case study for how automation transforms GRC

What You Bring With You

Required

• 12+ years of progressive experience in GRC, information security, or risk management, with at least 5 years in a leadership role
• Proven track record leading FedRAMP authorization efforts from planning through ATO (Authority to Operate)
• Deep expertise in multiple compliance frameworks: SOC 2, ISO 27001, FedRAMP, NIST 800-53
• Experience building and scaling GRC teams and programs in high-growth SaaS or technology companies
• Strong executive presence with ability to influence C-suite and Board-level stakeholders
• Demonstrated success managing complex, multi-workstream compliance programs with competing priorities
• Exceptional communication skills with the ability to translate technical compliance requirements into business value for diverse audiences
• Strategic mindset with hands-on execution capability; comfortable rolling up sleeves while setting long-term vision
• Experience partnering with Sales, Engineering, Product, and Legal teams to operationalize compliance

Preferred

• Industry certifications such as CISSP, CISA, CISM, or CRISC
• Experience achieving FedRAMP authorization for a SaaS platform (bonus for Moderate or High impact levels)
• Background in compliance automation, GRC tooling, or security orchestration
• Experience with privacy regulations and programs (GDPR, CCPA, data governance)
• Knowledge of cloud security architecture and controls (AWS, Azure, GCP)
• Prior experience in a startup or hypergrowth environment (Series B-D stage)
• Familiarity with DevSecOps, infrastructure-as-code, and modern engineering practices
• Experience using or implementing workflow automation platforms
• Active participation in industry groups (CSA, FedRAMP PMO community, etc.)

Target Annual Compensation: $250-265K

Applicants for this opportunity must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

#LI-SW1