Sr. Governance, Risk, and Compliance Lead
Upwork ($UPWK) is the world’s largest work marketplace, connecting businesses with highly skilled professionals worldwide. From entrepreneurs to Fortune 100 enterprises, companies trust Upwork’s platform to access expert talent, leverage AI-powered work solutions, and drive meaningful business outcomes.
Upwork’s AI-powered platform has facilitated over $20 billion in economic opportunity for professionals worldwide. With professionals spanning 10,000+ skills, including AI and machine learning, software development, sales and marketing, customer support, finance and accounting, and more, Upwork empowers businesses of all sizes to scale, innovate, and build agile teams.
We are looking for a Sr. Lead, GRC (Governance, Risk, and Compliance) to strengthen Upwork’s Information Security program by leading audit readiness and compliance operations across global frameworks and vendor requirements. This is an exciting opportunity to influence security strategy and work cross-functionally to ensure that Upwork meets the highest standards in data security and privacy. Join us in safeguarding our platform and enabling trust at scale for millions of users around the world.
As part of the Information Security team, you'll guide audit processes for ISO 27001, SOC 2 Type 2, and Microsoft SSPA, ensure that our ISMS and internal controls are up to date, and provide strategic insights into risk and compliance operations. Your work will support core business functions and help advance our enterprise-grade security posture.
Responsibilities
- Lead and manage internal and external audits for ISO 27001 and SOC 2 Type 2, including evidence collection, readiness assessments, and remediation tracking
- Own Upwork’s compliance with Microsoft Supplier Security and Privacy Assurance (SSPA), including completing the annual DPR and attestation
- Maintain and evolve the Information Security Management System (ISMS) and associated documentation to reflect Upwork’s growing business and risk landscape
- Collaborate with Engineering, IT, Legal, and Privacy teams to implement controls and address identified gaps efficiently and effectively
- Monitor and report on the enterprise risk register, audit findings, and key compliance metrics to drive transparency and accountability
- Act as the primary point of contact for auditors, assessors, and external stakeholders during audits and customer due diligence activities
- Track and interpret changes in regulatory and compliance frameworks to guide proactive adaptation and policy updates
What it takes to catch our eye
- 5+ years of experience in GRC, Information Security, or Compliance, ideally in a technology or cloud-first environment
- Proven expertise with ISO 27001, SOC 2, and third-party compliance programs like Microsoft SSPA
- Demonstrated success managing end-to-end audit processes and cross-functional compliance initiatives
- Strong project management, communication, and analytical skills with a track record of influencing cross-functional stakeholders
- Relevant certifications such as CISA, CRISC, or ISO 27001 Lead Auditor/Implementer are a plus
Come change how the world works.
At Upwork, you’ll shape the future of work for a global, remote-first workforce, creating economic opportunities for professionals worldwide. While we have a physical office in Palo Alto, we currently hire full-time employees in 21 U.S. states, making it easier than ever to join our mission from wherever you call home.
Our culture is built on trust, risk-taking, customer focus, and excellence, all in service of our core mission: to create economic opportunities so people have better lives. We embrace authenticity and inclusion, encouraging everyone to bring their whole selves to work. Personal and professional growth is a priority here, supported through development programs, mentorship, and our Upwork Belonging Communities.
We’re proud to offer benefits that go beyond the basics, including comprehensive medical coverage for you and your family, unlimited PTO, a 401(k) plan with matching, 12 weeks of paid parental leave, and an Employee Stock Purchase Plan. Visit our Life at Upwork page to learn more about our values, working principles, and the overall employee experience.
Ready to help shape the future of work? Check out our Careers page and follow us on LinkedIn, Facebook, Instagram, TikTok, and X to learn more about life at Upwork.
Upwork is an Equal Opportunity Employer committed to recruiting and retaining a diverse and inclusive workforce. We do not discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, or other legally protected characteristics under federal, state, or local law.
Please note that a criminal background check may be required once a conditional job offer is made. Qualified applicants with arrest or conviction records will be considered in accordance with applicable law, including the California Fair Chance Act and local Fair Chance ordinances.
The annual base salary range for this position is displayed below. The range displayed reflects the minimum and maximum salary for this position, and individual base pay will depend on your skills, qualifications, experience, and location. Additionally, this position is eligible for the annual bonus plan or sales incentive plan and for participation in our long-term equity incentive program.
Annual Base Compensation
$136,250 - $175,000 USD
To learn more about how Upwork processes and protects your personal information as part of the application process, please review our Global Job Applicant Privacy Notice.