What you'd actually do

Design and implement governance frameworks, including reporting, policy governance, and control oversight

Develop and operate a comprehensive Enterprise Risk Management (ERM) program

Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards

Support sales and customer success teams with compliance documentation and security inquiries

Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)

Skills

Required

4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
Demonstrated experience building or significantly maturing a GRC program from the ground up
Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
Strong business acumen with ability to translate risk and compliance requirements into business value
Excellent communication skills with ability to influence stakeholders at all levels, including leadership
Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment
Collaborative mindset and commitment to enabling business success while managing risk

Nice to have

Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)
Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective
Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters
Familiarity with multi-state or international employment regulations
Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar)
Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP
Experience in high-growth SaaS or technology companies
Background in both technical and operational risk management
Experience working in organizations with distributed or remote teams
Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP

What the JD emphasized

building or significantly maturing a GRC program from the ground up

successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)

implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)

Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)

Experience developing and maintaining information security and privacy policies, procedures, and control frameworks

Governance, Risk & Compliance (GRC) Manager

Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our San Francisco office or upcoming New York office and reports to the General Counsel. You'll have the opportunity to build a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk.

As our GRC Manager, you'll partner with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework that protects Sigma's interests, supports our strategic objectives, and builds stakeholder trust. You'll mature our governance structures, implement scalable risk management processes, and ensure compliance with applicable regulatory requirements—all while enabling the business to move quickly and confidently.

What You'll Do

Governance

Design and implement governance frameworks, including reporting, policy governance, and control oversight
Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions
Build and lead a governance committee structure that provides appropriate oversight and decision-making
Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
Partner with leadership to align governance activities with business strategy and risk appetite

Risk Management

Develop and operate a comprehensive Enterprise Risk Management (ERM) program
Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register
Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
Create risk treatment plans and track remediation activities across the organization
Facilitate risk-informed decision-making at all levels of the organization
Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately

Compliance

Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations
Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations
Manage security awareness training programs enterprise-wide
Conduct internal audits and assessments to validate control effectiveness
Coordinate external audits and assessments with third-party auditors

Business Enablement

Support sales and customer success teams with compliance documentation and security inquiries
Develop customer-facing materials that articulate Sigma's risk management and compliance posture
Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation
Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements

What You Bring

Required

4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
Demonstrated experience building or significantly maturing a GRC program from the ground up
Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
Strong business acumen with ability to translate risk and compliance requirements into business value
Excellent communication skills with ability to influence stakeholders at all levels, including leadership
Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment
Collaborative mindset and commitment to enabling business success while managing risk

Preferred

Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)
Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective
Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters
Familiarity with multi-state or international employment regulations
Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar)
Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP
Experience in high-growth SaaS or technology companies
Background in both technical and operational risk management
Experience working in organizations with distributed or remote teams
Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP

Why Join Sigma

This is an opportunity to build a world-class GRC program that doesn't just check boxes but genuinely enables the business to pursue opportunities with confidence. You'll work across the entire organization, have direct access to the General Counsel, and make a tangible impact on how Sigma manages risk and creates value for customers.

Additional Job details

The base salary range for this position is $190k - $215k annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work at Sigma Computing. This role is eligible for stock options, as well as a comprehensive benefits package.

About us:

Sigma is the AI apps and analytics platform connected to the cloud data warehouse. Using Sigma, business and technical teams can build intelligent, production-ready AI apps that accelerate and automate operational workflows. Sigma provides a spreadsheet interface, SQL and Python editors, visual builders, and native AI to help teams turn live data into interactive applications, analysis, reports, and embedded experiences.

Sigma announced its $200M in Series D financing in May 2024, to continue transforming BI through its innovations in AI infrastructure, data application development, enterprise-wide collaboration, and business user adoption. Spark Capital and Avenir Growth Capital co-led the Series D funding round, with additional participation from a group of past investors including Snowflake Ventures and Sutter Hill Ventures.The Series D funding, raised at a valuation 60% higher than the company’s Series C round three years ago, promises to further accelerate Sigma’s growth.

Come join us!

Benefits For Our Full-Time Employees:

Equity
Generous health benefits
Flexible time off policy. Take the time off you need!
Paid bonding time for all new parents
Traditional and Roth 401k
Commuter and FSA benefits
Lunch Program
Dog friendly office

Sigma Computing is an equal opportunity employer. We are committed to building a smart and strong team regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We look forward to learning how your experience can enable all of us to grow_._

Note: We have an in-office work environment in all our offices in SF, NYC, and London.

**Our Privacy Practices **

When you submit a job application on this site, Sigma processes your personal data for the purposes of evaluating your candidacy for employment at Sigma and as otherwise needed throughout the recruitment and hiring process. Please review Sigma’s Candidate Privacy Notice for more details. Please note that your personal data may be transferred to a country other than the one in which it was provided (including to USA, the UK, and Canada).

**Sigma’s use of AI **

This hiring process utilizes artificial intelligence tools to assist in candidate screening and assessment. Our AI tools are designed to complement, not replace, human decision-making.