Security GRC Program Manager

About Us

We’re a startup with big ambitions: to make estate planning modern, visual, and intelligent. Vanilla is the first AI-powered estate advisory platform, built by advisors, planners, and attorneys to transform how wealth is transferred across generations. Our technology unifies scenario modeling, client visualization, and document creation into one seamless, digital experience.

Our team brings together diverse subject matter expertise across estate planning, wealth management, and scaling SaaS startups. We’re distributed across the U.S., with a mix of fully remote and hybrid roles, and we embrace flexibility while staying closely connected. At Vanilla, you’ll join curious builders and problem-solvers who thrive on speed, autonomy, and impact. Here, you won’t just join a company, you’ll help create it. If you’re excited to tackle hard problems, move quickly, and see your work shape both an industry and a growing startup, we’d love to meet you.

Working Location

This role is a remote position; you must be based in one of the following states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Kentucky, Maine, Massachusetts, Minnesota, New Jersey, New York, Ohio, Pennsylvania, Texas, Utah, or Washington.

Job Summary

We're looking for a Security GRC Program Manager to own our customer trust, security compliance, and assurance programs. As our first hire in this role, you'll build the operational backbone that lets us ship reliably while maintaining the trust of customers who depend on us with their most sensitive financial and estate planning data.

You’ll own our customer trust program, assist with coordination of our SOC 2 program and audits, coordinate customer security diligence responses, and enable our enterprise sales motion through customer-facing security conversations and documentation. You’ll run point on customer DDQ and RFP responses, establishing scalable processes that enable fast, accurate, and consistent turnarounds.

This means spending your time running SOC 2 audit cycles, building and scaling trust and compliance processes, responding to customer security questionnaires, and translating between engineering teams, auditors, customers, and leadership. You’ll work closely with the CTO, Chief Legal Officer, Security Engineer, and Revenue teams to make compliance and customer trust strategic advantages rather than overhead.

This role is ideal for someone who thrives at the intersection of technical program management and security compliance, enjoys building foundational programs, and wants high-impact visibility at a Series B company where customer trust is a competitive differentiator.

Responsibilities

  • Lead the customer due diligence questionnaire (DDQ) and RFP response process and the third-party risk management process; track and manage a high volume of DDQ and RFP requests. Coordinate and collaborate with internal teams to meet tight deadlines, handling a high volume of requests and interactions in a fast-paced environment

  • Support enterprise sales with technical customer security discussions

  • Lead SOC 2 Type II audit preparation, evidence collection, and remediation

  • Conduct third-party vendor security assessments and collaborate on third-party risk management processes

  • Implement and manage third-party tools and new processes to create efficiencies

  • Develop the security narrative and conduct security reviews for new product functionality to enable GTM

  • Review and negotiate security and compliance language in customer contracts in collaboration with Legal team

  • Build and manage Trust Center integrations and public-facing security documentation in collaboration with Legal team

  • Build customer-facing compliance artifacts (security whitepapers, certifications)

Skills

  • Minimum of 5 years in a technical and/or security role with customer-facing experience

  • Minimum of 3 years' experience in program management, customer trust, or DDQ/RFP management within the tech industry with highly regulated customers

  • Proven track record in driving security processes and operational plans

  • Strong attention to detail, organizational skills, good judgement, and the ability to prioritize tasks, manage timelines, and meet tight deadlines

  • Strong contract review and negotiation skills related to security and compliance

  • Knowledge of security risks, vulnerabilities, and threat management

  • Background in supporting customer audits and engagements

Nice to Have:

  • Experience in fintech, healthtech, or regulated industries

  • Prior experience at Series B-D companies scaling security compliance programs

  • Demonstrable experience implementing tools to drive and streamline DDQ processes

The salary range for this role is $135,000 to $150,000. Our compensation packages also include a performance-based bonus and equity. Compensation is based on a number of factors and may vary depending on job-related knowledge, skills, and experience.

Benefits:

  • Flexible paid time off policy and 10 company-wide paid holidays

  • Parental leave, 4 weeks for all full-time employees and up to 12 weeks for birthing parents

  • Medical, dental, and vision benefits coverage for employees and their families

  • 401K eligibility after one month of employment

  • Free estate planning documents

  • Budget for learning & development and home office setup

  • Paid parking or transit for hybrid and in-office employees

Vanilla Technologies Inc. (dba "Vanilla") provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Vanilla participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.
