
GRC Expert



United States · Remote
Posted on Thursday, June 27, 2024

About RiskOptics!

At RiskOptics, we aim to make risk management more strategic, pulling it up from tactical “check-the-box” work to something more valuable to both the company and the security team. There’s an opportunity for security executives to go beyond just protecting their company and secure their role as a more valuable, strategic member of the team. We can help by giving them the business context they need to report risk to their board in a way that is easy to understand and act upon.

If you enjoy problem-solving and building scalable processes, and are looking for an opportunity to have an immediate impact on ARR, RiskOptics could be the right place for you. We'd love to meet you!

Our Commitment to Pay Transparency

At RiskOptics, we are committed to transparent & equitable compensation practices across our entire organization. This is a critical component of our hiring process and as such, compensation for this role will be discussed during your first interview to ensure a fair interviewing experience and effective use of your time. No questions related to compensation are off-limits as we believe complete transparency leads to an enjoyable hiring experience for all involved.

Job Description

Are you an expert in compliance, risk management, InfoSec, or auditing and have you wanted to shape the future of GRC? Now’s your chance! We are looking for a GRC Expert to join our team at ZenGRC. Our GRC Experts are a thoughtful and professional presence on customer-facing calls, and they give customers strategic and tactical guidance to achieve desired outcomes through ZenGRC. Behind the scenes, GRC Experts collaborate with internal ZenGRC teams by providing insightful product ideas and feedback and creating strategic and engaging content. Our GRC Experts know “how to GRC” and enjoy helping customers and other ZenGRC teams to do the same.

What you will get to do:

  • Advise customers on GRC strategies and best practices to help them with the best program design and rollout to meet their business goals.
  • Advise customers on ZenGRC implementation and improvement strategies to achieve business goals.
  • Identify and develop new opportunities for expansion across a customer’s business to support subscription growth.
  • Assist internal ZenGRC teams including Customer Success, Product, Sales, etc. as requested with thought leadership, prescriptive guidance, product demonstrations, product reviews, and product feature development.
  • Create and maintain ZenGRC best practices, example data sets, and other written collateral and content.
  • Collaborate with the GRC Expert team to identify potential frameworks to support and create/maintain related ZenGRC content.
  • Provide product feedback, improvement ideas, and review of proposed features and product offerings.
  • Scope and deliver paid services engagements as assigned.
  • Evaluate and measure the impact of ZenGRC use and related GRC processes on the customer’s business.

What we're looking for:

  • 10+ years of experience in GRC-related fields including but not limited to information security, compliance, risk management, third-party risk management, auditing and assurance, and data privacy.
  • Passion for delivering customer delight with the demonstrated ability to drive execution.
  • Experience building/supporting customer relationships at the executive/CISO level.
  • Cross-functional experience working across teams like customer success, sales, product, and marketing.
  • Experience consulting, training, and leading new initiatives in a collaborative or cross-functional environment.
  • Ability to build effective project plans and manage against milestones with customers.
  • Demonstrated experience building programs, processes, and tools.
  • Effective written and verbal communication, including presentation development.


  • Significant experience with our solution ZenGRC.
  • Experience with software implementation.
  • Experience implementing, managing, or enabling customers with compliance frameworks such as SOC2, PCI, SOX, GDPR, CCPA, ISO 27001/2, FedRAMP, NIST 800-53, etc.
  • Experience implementing, managing, or enabling customers with Enterprise Risk Management, Cybersecurity Risk, or Third-Party Risk Management.
  • Experience working with GRC Software as a Service such as MetricStream, LogicGate, Galvanize, OneTrust, AuditBoard, etc.


The job looks interesting but you don't know if you meet all of the qualifications on paper?

Apply anyway! We're aware that many people only apply for a job when they've met every requirement listed in a job description. At RiskOptics, we hire the PERSON, not the resume. We value diversity, in experiences and backgrounds, and are committed to providing equal opportunity for all applicants and employees. While there are certain requirements that exist for all open positions, we want to get to know YOU above all else when making our hiring decisions. Go for it.

Benefits (US-Based Employees)

  • We are committed to the health and safety of our people. Our people are mostly working remotely, collaborating online and connecting over video, as they continue to deliver high-quality technology solutions.
  • Competitive salary and equity (we want everyone to be a stakeholder)
  • Full benefits (medical, dental, vision, 3% 401k match, wellness offerings, etc.)
  • Unlimited PTO, paid sick days, 11 holidays
  • Collaborating with smart coworkers that put customers first

Equal Employment Opportunity Statement

We value a diverse environment. RiskOptics provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, citizenship or immigration status, disability status, genetics, protected veteran, sexual orientation, gender identity or expression, or any characteristic protected by federal, state or local laws.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

The statements herein are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required for personnel so classified.

RiskOptics will comply with all local data protection laws, including GDPR, when it comes to the handling and processing of personal data. All resumes submitted to RiskOptics will be retained for 6 months (12 months with your consent) after submission for recruitment purposes. Should you wish for us to remove your personal data from our recruitment database, please email us directly at talent@riskoptics.com.