Bumble Inc. · 2 weeks ago
Lead GRC Program Manager
Bumble Inc. is an equal opportunity employer building secure, AI-driven products that enable connection and trust worldwide. It is hiring a Lead Security GRC Program Manager to own compliance programs including PCI, SOX, ITGC, and GDPR, driving audit quality and automation across the company's products and infrastructure.
Computer Software
Responsibilities
Lead end-to-end management of PCI, SOX, ITGC, and GDPR frameworks — from annual audit planning through evidence collection, remediation, and executive reporting
Partner with Security Engineering, Finance IT, and Product teams to automate evidence workflows, control attestations, and testing pipelines via tools such as Drata, Vanta, or ServiceNow GRC
Co-own SOX ITGC compliance with Finance IT, directly manage external audit partners, and maintain strong control hygiene across identity, change management, and infrastructure layers
Maintain Bumble’s PCI program scope, manage annual assessments, and coordinate with payments and infrastructure teams to ensure ongoing adherence and minimal audit fatigue
Partner with Legal, Privacy, and Data Engineering to operationalize GDPR requirements, ensuring data protection principles and privacy-by-design controls are consistently validated
Build dashboards and KPI reports that provide visibility into audit readiness, control performance, and remediation progress for executive stakeholders
Qualifications
Required
6+ years of experience in Security GRC, audit, or compliance within a cloud-native or technology-driven environment
Proven ownership of PCI, SOX, ITGC, and GDPR compliance programs — from planning through audit closure
Demonstrated success driving measurable improvements in audit efficiency, control maturity, or automation adoption
Strong working knowledge of cloud architectures (AWS, GCP) and common ITGC control areas — including access management, change management, and incident response
Experience integrating GRC tools with engineering systems (e.g., CI/CD pipelines, Jira, Slack, or identity platforms like Okta)
Ability to design or refine control automation workflows and collaborate with engineers on technical control implementation
Practical understanding of data flow mapping and system-of-record validation to support GDPR evidence and privacy controls
Track record of leading multi-stakeholder audits (Finance, Legal, Engineering, Privacy) and aligning diverse teams on deadlines and deliverables
Skilled at presenting complex audit or risk topics to executive leadership using concise, data-driven insights
Capable of drafting clear, audit-ready documentation and control narratives without excessive bureaucracy
Seeks opportunities to replace manual audit processes with system-driven controls
Understands how to balance compliance requirements with engineering velocity
Measures success through reduced audit fatigue, improved evidence hygiene, and faster remediation cycles
Builds trust with auditors and internal stakeholders through transparency and consistency
Preferred
Hands-on experience automating evidence collection or audit testing workflows
Familiarity with data protection impact assessments (DPIAs) and GDPR privacy operations
Experience building or maintaining risk registers, executive dashboards, or compliance OKRs/KPIs
Certifications such as CISA, CISM, CISSP, CRISC, or ISO Lead Auditor
Background in payments, fintech, or regulated SaaS environments
Benefits
A $10,000 lifetime benefit available to all employees and their partners around the world.
Family & compassionate paid leave
26 weeks parental leave
Unlimited paid time off
Company-wide week off
Focus Fridays
Company
Bumble Inc.
Bumble Inc. is the parent company of Bumble Date, BFF, and Badoo.
Funding
Current Stage
Late Stage
Company data provided by crunchbase