Wonderful enables enterprises to build, test, deploy, and monitor AI agents for their most complex needs, serving customers and employees seamlessly across voice, chat, email, and back-office systems in any language or cultural context.
We are looking for a GRC Manager to own security compliance, customer trust, risk management, audit readiness, framework mapping, and control maturity.
This person will manage the operational reality of running multiple frameworks at once while keeping evidence accurate, control owners accountable, and customer-facing security claims defensible.
This is a hands-on GRC leadership role. The right person can work with auditors, customers, Legal, Engineering, IT, Product, and Security, and can translate framework requirements into real operational controls.
Own Wonderful’s multi-framework GRC program and framework roadmap.
Maintain a unified control map across ISO, SOC 2, PCI DSS, GDPR, EU AI Act, and upcoming frameworks so overlapping requirements are handled once.
Manage audit calendars, readiness plans, evidence collection, evidence quality, control testing, and remediation tracking.
Own Vanta hygiene, framework mappings, evidence records, control owners, policy acknowledgements, access reviews, vendor reviews, and training records.
Partner with Legal, Product, Engineering, IT, Security, Sales, and Customer Success on customer security reviews and compliance commitments.
Maintain the risk register, exception process, policy library, and customer-facing security documentation.
Turn audit gaps and customer security findings into durable operational improvements with owners, dates, and evidence.
Support Trust Center accuracy and make sure public security/compliance statements are current and defensible.
Prepare executive-ready reporting on audit status, framework readiness, risks, gaps, and remediation progress.
Strong hands-on GRC experience in SaaS, cloud, enterprise software, or regulated environments.
Direct experience running multiple frameworks at once, including ISO 27001-family frameworks, SOC 2 Type II, and PCI DSS.
Working knowledge of GDPR and AI governance requirements, with EU AI Act knowledge strongly preferred.
Ability to build and maintain a cross-framework control map rather than running each framework as a separate evidence project.
Strong evidence judgment: can tell whether an artifact actually proves the control.
Strong customer/auditor-facing communication and ability to write clearly.
Enough technical depth to work with Engineering, IT, Security, and Infrastructure on real controls, not paper-only compliance.
Strong project management, ownership, and follow-through.
Hands-on Vanta experience. This is a strong plus.
Experience with CSA STAR, C5, ISO 9001, ISO 22301, ISO 27017, ISO 27018, ISO 27799, or ISO 42001.
Experience with AI governance, AI risk management, model/vendor risk, or enterprise AI customer security reviews.
Experience supporting Trust Centers, customer security questionnaires, and enterprise procurement/security reviews.