GRC Lead


We are seeking a mid- to senior-level Governance, Risk & Compliance (GRC) professional to own and evolve our security compliance program. This role is responsible for managing our security-related RFP and questionnaire processes and for leading the preparation and execution of all audits tied to our compliance certifications (including SOC 2 Type II, ISO 27001, and others).
This is a high-impact role that partners closely with Security, Engineering, Legal, Sales, and Customer Success to ensure we consistently meet our customers' expectations and our regulatory obligations.
Responsibilities:
Compliance Management

  • Lead external audit engagements for SOC 2 Type II, ISO 27001, ISO 27701, ISO 42001, and CSA STAR.
  • Own the relationship with external auditors and certification bodies.
  • Develop and drive Swimlane’s compliance maturity roadmap, including future programs such as FedRAMP, CMMC, the EU AI Act, IRAP, and additional emerging frameworks.
  • Monitor evolving regulations, industry standards, and global compliance requirements impacting security, privacy, and AI governance.


Governance & Policy Management

  • Develop, maintain, and continuously improve policies, procedures, and plans within Swimlane’s integrated management system (security, privacy, and AI governance).
  • Coordinate annual policy and documentation reviews in alignment with audit schedules and certification timelines.
  • Assign and reinforce control ownership across business units, ensuring accountability and operational alignment.
  • Provide guidance to teams to ensure organizational processes and business objectives remain compliant with policies and regulatory expectations.
  • Define and track key GRC metrics (KPIs/KRIs), such as policy exceptions, risk register health, audit status, and control performance.


Risk Management

  • Oversee the annual risk assessment and risk treatment planning aligned to ISO 27001, ISO 27701, and ISO 42001 requirements.
  • Conduct targeted risk assessments and gap analyses to support strategic initiatives and emerging risks.
  • Drive continuous improvement of enterprise risk processes and alignment of risk ownership across all departments.
  • Collaborate closely with Engineering and Product teams to embed risk management into roadmaps and development processes.


Internal Audit Program

  • Lead full lifecycle internal audit engagements (planning, execution, reporting, and remediation).
  • Manage internal audits required for certification under ISO 27001, ISO 27701, and ISO 42001.
  • Implement and configure automation solutions for continuous control monitoring in partnership with GRC engineering resources.


Third-Party Risk Management

  • Conduct risk assessments and due diligence for all new vendors and technology partners.
  • Maintain a complete and up-to-date third-party inventory and oversee ongoing monitoring activities.
  • Ensure third-party risk practices align with Swimlane’s broader compliance obligations.


Trust & Customer Assurance

  • Own and maintain the company's external Trust Center, ensuring accurate and up-to-date documentation.
  • Lead the completion of customer security questionnaires, RFPs, and all due diligence processes.
  • Curate, organize, and maintain a repository of GRC documentation for external stakeholders (prospects, customers, partners, auditors).
  • Serve as the primary SME for GRC topics, requiring strong familiarity with security architecture, engineering controls, and AI-related governance.


Business Continuity & Disaster Recovery

  • Facilitate annual updates to the Business Continuity (BC) and Disaster Recovery (DR) plans.
  • Coordinate BC/DR tabletop exercises and ensure alignment to audit and certification requirements.
  • Support validation of cloud service availability, backup restoration, resiliency processes, and incident response playbooks.


Security Awareness & Training

  • Deliver and track company-wide security awareness training.
  • Develop role-specific training programs, including secure development, data protection, and acceptable use of AI technologies, aligned with compliance mandates.


Minimum Qualifications:

  • 10+ years of experience in GRC, security compliance, risk management, or a related discipline.
  • Hands-on experience managing SOC 2, ISO 27001, or similar security frameworks and audits.
  • Strong understanding of security controls, compliance requirements, and industry best practices.
  • Experience managing security questionnaires, RFP/RFI responses, or customer security due diligence processes.
  • Excellent project management and organizational skills; ability to prioritize and manage multiple concurrent requests.
  • Strong communication skills and comfort working with both internal stakeholders and external auditors.
  • Familiarity with compliance or RFP tools is a plus.


Location: This role is based in India, and candidates must be current residents of India before applying to be considered.


Who we are, and what we offer:
Swimlane is a rapidly growing, innovative startup that provides cloud-scale, low-code security automation for organizations of all industries and sizes. Our technology is relied upon by major security-forward companies around the globe, and we are consistently rated as the #1 trusted low-code security automation platform. Our mission is to prevent breaches and enable continuous compliance via a low-code security automation platform that serves as the system of record for the entire security organization.


The Perks of Being a Swimlaner:

  • Competitive Benefits & Compensation
  • Stock Options
  • Training & Professional Development Opportunities
  • MacBook Pro
  • Great Company Culture
  • We value collaboration and innovation
  • Give-back Volunteering Opportunities


Here at Swimlane, our core focus is to Automate the World of Security and we strive to represent our five core values in everything we do:

  • Punch above your weight class - We make the most of our circumstances and constantly surprise and impress with our ability to deliver.
  • Be a happy innovator - The hard problems are the fun problems to solve, we’re excited to take on difficult challenges and find creative solutions.
  • Always be leveling up - We are continuously improving, embracing change, and consuming information to better ourselves and each other.
  • Move at the speed of WOW - We work with an extreme sense of urgency, but we never compromise quality.
  • Have honesty and integrity in ‘all the things’ - We make decisions with the best of intentions, doing what is right for as many stakeholders as possible.

To complete your application, please submit your resume to swimlane.com/careers
