GRC Lead

Grammarly team members who will be collaborating at our San Francisco hub must be based in the United States.

The opportunity 

Grammarly empowers people to thrive and connect, whenever and wherever they communicate. Every day, 30 million people and 30,000 teams around the world use our AI-powered writing assistant. All of this begins with our team collaborating in a values-driven and learning-oriented environment. 

To achieve our ambitious goals, we’re looking for a Security Compliance Lead to join our Governance, Risk, and Compliance team. This role will scale and lead the Security Compliance function at Grammarly. The Security Compliance Lead will help further scale our security compliance program, affirming and increasing trust in our security posture among our existing and prospective customers. This individual will work closely with a wide variety of global teams at Grammarly, including Engineering, Security, IT, Customer Support, Marketing, and Legal. 

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.

Your impact

As Security Compliance Lead, you will head the execution of our enterprise roadmap by developing our security compliance program, which will further expand our market coverage in the enterprise sector. 

In this role, you will:

• Define the strategy that addresses the demands of our existing and future customers.
• Build a team of professionals to support this strategy.
• Maintain and further develop Grammarly’s security control framework in line with our values and culture.
• Enable various teams at Grammarly to be efficient control owners by ensuring the controls address the risks while not imposing additional burdens and bureaucracy. 
• Build a scalable cybersecurity risk assessment framework.
• Maintain relationships with independent auditors.
• Lead internal security audits.
• Document and communicate our security practices to provide transparency to customers, prospects, and other stakeholders.
• Further drive compliance efforts to enable us to enter increasingly regulated markets.

Within the first thirty days, you will establish meaningful relationships with your team and peers across the organization, get up to speed on all systems and technologies, and start to make an immediate impact on the compliance program.

By month three, you will own the global strategy for security compliance and take over direct leadership of the function. You will own the strategy and partner directly with the functional leads to understand their challenges and learn the demand. You will start growing the GRC team, which currently consists of one team member. 

By month six and beyond, you will set a long-term strategy for the global compliance program addressing Grammarly’s business objectives. You will design and grow the control framework and the supporting team to meet the needs of Grammarly’s ambitious growth targets. 

We’re looking for someone who

• Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
• Has exposure to the SaaS world and related global compliances with 5+ years of relevant experience.
• Has 2 years of experience managing people and knows how to attract top talents either from the market or their own network.
• Has hands-on experience with auditing security frameworks such as SOC 2, ISO 270XX, SOX.
• Built a compliance program in a highly dynamic environment that is based on Agile principles.
• Knows how to measure risk appetite and implement adequate compensating controls to support business objectives rather than impose excessive bureaucracy.
• Is keen on automation and is constantly looking for ways to minimize manual operations.
• Is strong at complex program management.

Bonus points for

• BA or BS in a technical field or equivalent experience
• Any of the following certifications: CISA, CISSP, CISM, or CCSP
• Experience with business continuity programs and disaster recovery plan implementation

Support for you, professionally and personally

• Professional growth: We hire people we trust, and we give team members autonomy to do their best work. We also support professional development with training, coaching, and regular feedback.
• A connected team: Grammarly builds a product that helps people connect, and we apply this mindset to our own team. We have a highly collaborative culture supported by our EAGER values. We also take time to celebrate our colleagues and accomplishments with global, local, and team-specific events and programs.
• Comprehensive benefits: Grammarly offers all team members competitive pay along with a benefits package that includes superior health care. We also offer support to set up a home office, ample and defined time off, gym and recreation stipends, admission discounts, and more.

We encourage you to apply

At Grammarly, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Grammarly will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance. Grammarly is an equal opportunity employer and participant in the U.S. Federal E-Verify program.