Governance, Risk, and Compliance Lead

Summary

Join Zowie, a company revolutionizing business-customer interactions through AI Agents, as their Governance, Risk, and Compliance (GRC) Lead. This foundational role involves building, implementing, and managing Zowie's GRC program, ensuring regulatory compliance, effective risk management, and customer trust. You will be the central point of contact for all GRC activities, collaborating across teams to embed best practices. The role offers the opportunity to build a GRC function from the ground up in a rapidly growing AI company, directly impacting scalability and client acquisition. You will work in a collaborative and innovative environment at the forefront of enterprise AI applications. This position requires a builder mentality, strong ownership, exceptional prioritization skills, and strong communication and collaboration abilities.

Responsibilities

• Governance, Risk and Compliance Program Development & Implementation: Take ownership of Zowie’s existing GRC program, including its strategy, framework, policies, standards, and procedures, and drive its continuous improvement and adaptation to our B2B SaaS environment
• Compliance Management: Lead and manage compliance efforts for key industry frameworks and regulations, including but not limited to: SOC 2 Type 2, GDPR, HIPAA, DORA (Digital Operational Resilience Act)
• Audit Oversight: Plan, coordinate, and oversee internal and external audits (e.g., SOC 2). Act as the primary point of contact for external auditors. Manage the collection of audit evidence and coordinate remediation efforts for any identified findings
• Coordination of security questionnaires and due diligence requests: Develop and manage a streamlined process for responding to customer and prospect security questionnaires and due diligence requests. Maintain a knowledge base of security and compliance information to support the sales process
• Risk Management: Maintain Zowie’s risk register. Work with stakeholders to identify, assess, treat, and monitor risks across the organization. Report on risk posture to leadership
• Incident Management and Business Continuity: Oversee and contribute to the development, implementation, and testing of Zowie’s incident management framework, ensuring alignment with compliance obligations (e.g., GDPR breach notification, DORA ICT incident reporting). Play a key role in the maintenance, testing, and continuous improvement of Zowie’s Business Continuity and Disaster Recovery (BCDR) plans
• Policy & Documentation Management: develop, review, and update information security policies and procedures to ensure they are current, effective, and well-communicated
• Stakeholder Reporting & Communication: manage and fulfill reporting responsibilities regarding GRC matters to customers, regulatory bodies, and internal stakeholders, ensuring transparency and compliance
• Cross-Functional Collaboration: work closely with Engineering, Product, Sales, Legal, HR, and other teams to integrate GRC principles into their processes. Provide GRC expertise and guidance to internal stakeholders
• Vendor Risk Management: Take ownership of Zowie’s vendor risk management program

Preferred Qualifications

• Builder Mentality: You are excited by the opportunity to build and shape a GRC program from the ground up. You are proactive, resourceful, and can operate effectively in an environment where processes are still being defined
• Strong Sense of Ownership: You take full responsibility for your work, see tasks through to completion, and are committed to achieving successful outcomes for the GRC program and the company
• AI native : You incorporate AI into your daily work, allowing you to achieve unparalleled productivity
• Exceptional Prioritization Skills: You can navigate a complex landscape of requirements, understand business objectives, and prioritize GRC efforts to deliver maximum impact
• Strong Communication & Collaboration: You can clearly articulate complex GRC concepts to diverse audiences (technical and non-technical) and build strong working relationships across all levels of the organization to foster a culture of compliance
• Pragmatism & Business Acumen: You understand the realities of a growing SaaS business and can implement robust GRC controls in a practical way that supports, rather than hinders, business agility and innovation
• Sufficient Technical Aptitude: You possess a good understanding of SaaS architecture, cloud environments (e.g., AWS, Azure, GCP), and general IT concepts to effectively assess risks and controls
• Relevant Experience: You have a proven track record in similar GRC roles, ideally within B2B SaaS companies, and direct experience with the frameworks critical to Zowie