[Remote] Manager, GRC Subject Matter Experts, Product

Remote Full-time
Note: The job is a remote job and is open to candidates in USA. Vanta is a company dedicated to helping businesses earn and prove trust through continuous security monitoring. The Manager of GRC Subject Matter Experts, Product will lead a team responsible for the lifecycle, quality, and integration of Vanta's GRC frameworks and content, ensuring alignment with customer needs and regulatory requirements.

Responsibilities

- Hire, mentor, and develop a team of SMEs covering commercial frameworks, government frameworks, test authoring, framework quality uplift, and framework maintenance — planning for current and future capacity needs, setting the bar for technical depth and content quality, and preparing high performers for broader scope
- Build a stable, motivated team environment with clear operating rhythms, delegating effectively to grow ownership and capability, and partnering with your leader and People Business Partner to spot and address team health issues early
- Connect the team's roadmap and content priorities to Vanta's broader product and company strategy, anticipating near-term shifts in customer needs, regulatory landscape, and product direction, and adjusting focus to keep the team aligned
- Create open feedback loops within the team and adapt how you communicate priorities, decisions, and risks across different audiences — from individual contributors to engineering, GTM partners, customers, and executives
- Lead the team through change with steadiness while holding yourself and them accountable for commitments — communicating progress and risks proactively, addressing misses directly, and creating an environment where mistakes are treated as learning opportunities rather than blame
- Own and govern Vanta's framework release process end-to-end, partnering with Product and Engineering to define the playbook for how new frameworks, framework updates, automated tests, crosswalks, and content are scoped, built, reviewed, and shipped
- Drive the program management work that surrounds GRC content — including new framework launches, framework updates, update notes, customer escalations, content and test requests, PMM material reviews, and licensing and pricing input
- Track team performance and report KPIs and metrics to security and product leadership, including framework release velocity, content quality, adoption, time-to-evidence, and customer impact
- Break down ambiguous and competing priorities — across framework launches, framework updates, test authoring, and quality uplift — into clear, actionable decisions, balancing customer demand, market opportunity, and engineering capacity, and escalating complex tradeoffs with context and a recommended path forward
- Lead the quality uplift effort for older commercial frameworks, ensuring Vanta's full library meets a consistent and modern standard for control wording, evidence specificity, and testing method
- Set direction for the team's work on crosswalks and mappings across security and privacy frameworks, including canonical control IDs, mapping confidence, and evidence data dictionaries, and partner with Engineering to operationalize them in-product
- Steer the team's contribution to the broader GRC product surface — risk management, issue and corrective action management (POA&M), policy management, access reviews, Trust Center, and third-party risk management
- Partner with Product Management and Design to ensure SMEs are effective product advisors across discovery, PRD authoring, UI/UX review, and usability testing
- Champion AI-assisted compliance on the team — coaching SMEs to translate domain knowledge into machine-readable specs, evaluation sets, and guardrails, and partnering with Engineering and ML to ship LLM-powered guidance and automation
- Partner with Sales, Customer Success, and Product Marketing to represent the framework portfolio externally and contribute to pricing, packaging, and licensing conversations (including frameworks such as HITRUST)
- Serve as a senior escalation point for customer issues related to framework content, scoping, and interpretation
- Provide input and feedback on the development of GRC product features that depend on the team's content and expertise

Skills

- 7+ years of GRC and/or Information Security experience, with hands-on implementation or assessment across multiple frameworks (e.g., SOC 2, ISO 27001/27701, HIPAA, PCI DSS, NIST CSF/800-53); experience with cloud environments and SaaS strongly preferred
- 2+ years of experience managing technical or subject matter expert teams, with a passion for developing people and building a culture of quality and accountability
- Experience owning or heavily contributing to programs that span Product, Engineering, and GTM — ideally including content lifecycle, framework release, or compliance product work
- Strong program management instincts: comfortable defining process, driving prioritization, and holding cross-functional partners accountable to release plans and quality bars
- Deep GRC craft — controls, risks, testing approaches, evidence standards, and program operations (policies, risk registers, POA&M, vendor risk, continuous monitoring)
- Product mindset — able to coach the team on translating customer and regulatory needs into productizable capabilities, with comfort using data to prioritize
- Technical and automation fluency (AI-augmented) — comfortable using AI pair-programming and LLM tools to accelerate drafting of specs, mappings, and test logic, and able to set safe-use guidelines, evaluation practices, and reusable patterns for the team
- Analytical and detail-oriented — skilled at precise control wording, mapping accuracy, and evidence specificity; comfortable working with spreadsheets and large data sets
- Excellent written and verbal communication; able to partner effectively with engineers, designers, GTM teams, auditors, and customers, and to represent the team's work to executives
- Self-motivated and adaptable in a fast-paced environment, with a track record of leading teams through change
- Federal experience (e.g., FedRAMP, CMMC, StateRAMP) a plus but not required
- Privacy regulation experience (GDPR/CCPA), audit/assessor background experience a plus
- Certifications preferred but not required — one or more of: CISA, CISSP, CCSK/CCSK+, ISO 27001 Lead Implementer/Lead Auditor, CIPM/CIPT, PCI-ISA/QSA
- Open to using AI to amplify their skills and strengthen their work - demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact

Benefits

- Industry-competitive salary and equity
- Comprehensive medical, dental, and vision coverage, with 100% of employee-only benefit premiums covered for most medical plans
- 16 weeks paid Parental Leave for all new parents
- Health & wellness stipend
- Remote workspace, internet, and cellphone stipend
- Commuter benefits for team members who report to the SF and NYC office
- Family planning benefits
- Matching 401(k) contribution with immediate vesting
- Flexible PTO policy, plus 80 hours of Sick Time
- 11 company-paid holidays
- Virtual team building activities, lunch and learns, and other company-wide events!

Company Overview

Vanta is a trust management platform that automates compliance and risk management. It was founded in 2018, and is headquartered in San Francisco, California, USA, with a workforce of 1001-5000 employees. Its website is https://vanta.com.

Company H1B Sponsorship

Vanta has a track record of offering H1B sponsorships, with 6 in 2026, 23 in 2025, 6 in 2024, 4 in 2023, 10 in 2022, 3 in 2021. Please note that this does not guarantee sponsorship for this specific role.
