CTO

GRC Manager

East Coast US, Full-time

About Us

Zenity is the first and only holistic platform built to secure and govern AI Agents from buildtime to runtime. We help organizations defend against security threats, meet compliance requirements, and drive business productivity. Trusted by many of the world’s F500 companies, Zenity provides centralized visibility, vulnerability assessments, and governance by continuously scanning business-led development environments. We recently raised $38 million in Series B funding, solidifying our position as a leader in the industry and enabling us to accelerate our mission of securing AI Agents everywhere.

As we continue to grow rapidly across the U.S., we’re looking for a driven and hands-on Senior Talent Acquisition Partner to join our HR team and help scale our organization with top talent across both technical and GTM roles.

About the Role

We are looking for a senior, hands-on Governance, Risk, and Compliance (GRC) Manager to lead and mature Zenity’s security governance program.

You will own the strategy, design, and execution of our compliance, risk, and policy frameworks, while building automated, scalable processes that enable continuous compliance across ISO 27001, ISO 27701, SOC 2, and GDPR. This role requires someone who can operate with broad organizational influence, drive cross-functional alignment, and build long-term foundations—while also executing the day-to-day work required to keep Zenity compliant, audit-ready, and secure in a fast-moving environment.

Responsibilities: 

  • Lead Zenity’s end-to-end GRC program, from strategy to day-to-day operations.
  • Manage continuous compliance for ISO 27001/27701, SOC 2, GDPR, ensuring strong controls and audit readiness.
  • Build and automate GRC workflows using tools like Vanta, Drata, Hyperproof, etc.
  • Create dashboards, alerts, and reporting for real-time visibility into compliance and risk posture.
  • Own and maintain corporate security policies and the full policy lifecycle.
  • Oversee enterprise risk management: risk register, scoring, review cadence, and mitigation.
  • Lead IT GRC and vulnerability management meetings with clear follow-through and accountability.
  • Support vendor security reviews and procurement due diligence.
  • Manage GRC intake workflows (risk requests, vendor reviews, compliance tickets).
  • Partner with auditors and internal stakeholders to ensure smooth, successful audits.
  • Identify control/process gaps and drive remediation with an automation-first mindset.
  • 5–8+ years in GRC, security compliance, or risk management, ideally in SaaS.
  • Hands-on experience with ISO, SOC 2, GDPR, and audit processes.
  • Familiarity with GRC platforms (e.g., Vanta, Drata, Hyperproof).
  • Experience in managing small teams for at least one to three years.
  • Strong understanding of security controls, risk methodologies, and compliance operations.
  • Excellent communication and cross-functional leadership skills.
  • Ability to work strategically and hands-on in a fast-paced environment.
  • Experience with vendor security reviews and vulnerability/risk management programs.
  • Experience briefing the executive board on the risk management program and goals.
