Senior Governance, Risk, and Compliance (GRC) Manager
At Podium, our mission is to arm every local business with a complete platform and outcome-driven AI employees that convert leads into real, paying customers. Every day, millions of workers use our AI lead conversion and communication platform to help them get more leads and make more money.
Our work and focus on helping local businesses thrive has been recognized across the industry, including Forbes’ Next Billion Dollar Startups, Forbes’ Cloud 100, the Inc. 5000, and Fast Company’s World’s Most Innovative Companies.
At Podium, we believe in fostering a culture that thrives on hiring and developing exceptional talent. Our operating principles serve as a compass, guiding daily behavior and decision-making, and ensure we hire people who will thrive at Podium. If you resonate with our operating principles and are energized by our mission, Podium will be a great place for you!
About the Role
We are seeking a Senior GRC Manager to build and lead our governance, risk, and compliance programs during a critical growth phase. This leader will drive proactive, repeatable, and scalable compliance and risk processes across the organization, ensuring we meet customer, regulatory, and board expectations.
You will be responsible for defining the GRC strategy, leading audits and certifications (SOC 2 Type 2, ISO 27001, etc.), overseeing vendor risk, maturing our enterprise risk management function, and ensuring our security and compliance programs are sustainable, automated, and aligned with business objectives.
This is a high-visibility leadership role that will partner across Security, Legal, IT, Product/Engineering, and Finance, and will regularly engage with executives, auditors, and enterprise customers.
Responsibilities
- Build and lead the GRC function - establish team structure, processes, and tools to scale compliance and governance programs.
- Certifications & Audits - own SOC 2 Type 2, ISO 27001, and other certifications/regulatory assessments; serve as primary liaison with auditors.
- Enterprise Risk Management - establish and maintain the enterprise risk register, risk assessment process, and reporting to executive leadership and the board.
- Customer Trust - oversee customer security engagements (RFPs, DDQs, customer audits); build repeatable processes and knowledge base.
- Vendor Risk Management - design and run the program for onboarding, monitoring, and offboarding third-party vendors and SaaS platforms.
- Policy & Control Frameworks - maintain the information security policy set; map to compliance frameworks and ensure effective implementation across the org.
- Metrics & Reporting - establish compliance and risk KPIs/metrics; provide regular reporting to executives.
- Program & Project Management - ensure initiatives are planned, tracked, and delivered; reduce reliance on manual, one-off processes.
- Cross-functional Leadership - partner with Product Security, SecOps, Legal, and IT to embed compliance and risk practices into daily workflows.
Qualifications
- 10+ years of experience in Governance, Risk, and Compliance, with at least 5 years in a leadership role.
- Proven track record of building and scaling GRC programs in a mid-to-late stage SaaS company.
- Deep understanding of SOC 2, ISO 27001, HIPAA, and other compliance frameworks; PCI DSS and SOX experience a plus.
- Strong grasp of enterprise risk management methodologies and reporting.
- Experience leading audits and external assessments with regulators, customers, and auditors.
- Excellent cross-functional collaboration skills; proven ability to influence without direct authority.
- Strong project management and organizational skills; ability to drive multiple initiatives simultaneously.
- Excellent written and verbal communication skills; comfortable presenting to executives, auditors, and customers.