Senior GRC Program Manager jobs in United States

Bumble Inc. · 10 hours ago

Senior GRC Program Manager

Bumble Inc. is an equal opportunity employer focused on building secure, AI-driven systems that empower connection and trust globally. They are seeking a Senior Security GRC Program Manager to lead their PCI, SOX, ITGC, and GDPR programs, driving audit excellence, automation maturity, and compliance alignment across their products and infrastructure.

Computer Software
No H1B

Responsibilities

Own Bumble’s Core Compliance Programs: Lead end-to-end management of PCI, SOX, ITGC, and GDPR frameworks — from annual audit planning through evidence collection, remediation, and executive reporting
Drive Audit Efficiency & Automation: Partner with Security Engineering, Finance IT, and Product teams to automate evidence workflows, control attestations, and testing pipelines via tools such as Drata, Vanta, or ServiceNow GRC
Lead SOX & ITGC Program Delivery: Co-own SOX ITGC compliance with Finance IT, directly manage external audit partners, and maintain strong control hygiene across identity, change management, and infrastructure layers
Oversee PCI Compliance Operations: Maintain Bumble’s PCI program scope, manage annual assessments, and coordinate with payments and infrastructure teams to ensure ongoing adherence and minimal audit fatigue
Steward GDPR Alignment: Partner with Legal, Privacy, and Data Engineering to operationalize GDPR requirements, ensuring data protection principles and privacy-by-design controls are consistently validated
Report Risk & Remediation Metrics: Build dashboards and KPI reports that provide visibility into audit readiness, control performance, and remediation progress for executive stakeholders

Qualifications

PCI compliance, SOX compliance, ITGC compliance, GDPR compliance, Cloud architectures, GRC tools integration, Data flow mapping, CISA certification, CISM certification, CISSP certification, CRISC certification, ISO Lead Auditor, Collaboration, Communication

Required

6+ years of experience in Security GRC, audit, or compliance within a cloud-native or technology-driven environment
Proven ownership of PCI, SOX, ITGC, and GDPR compliance programs — from planning through audit closure
Demonstrated success driving measurable improvements in audit efficiency, control maturity, or automation adoption
Strong working knowledge of cloud architectures (AWS, GCP) and common ITGC control areas — including access management, change management, and incident response
Experience integrating GRC tools with engineering systems (e.g., CI/CD pipelines, Jira, Slack, or identity platforms like Okta)
Ability to design or refine control automation workflows and collaborate with engineers on technical control implementation
Practical understanding of data flow mapping and system-of-record validation to support GDPR evidence and privacy controls
Track record of leading multi-stakeholder audits (Finance, Legal, Engineering, Privacy) and aligning diverse teams on deadlines and deliverables
Skilled at presenting complex audit or risk topics to executive leadership using concise, data-driven insights
Capable of drafting clear, audit-ready documentation and control narratives without excessive bureaucracy
Seeks opportunities to replace manual audit processes with system-driven controls
Understands how to balance compliance requirements with engineering velocity
Measures success through reduced audit fatigue, improved evidence hygiene, and faster remediation cycles
Builds trust with auditors and internal stakeholders through transparency and consistency

Preferred

Hands-on experience automating evidence collection or audit testing workflows
Familiarity with data protection impact assessments (DPIAs) and GDPR privacy operations
Experience building or maintaining risk registers, executive dashboards, or compliance OKRs/KPIs
Certifications such as CISA, CISM, CISSP, CRISC, or ISO Lead Auditor
Background in payments, fintech, or regulated SaaS environments

Benefits

$10,000 lifetime benefit opportunity to all employees and their partners around the world.
Family leave to support you and your loved ones when needed (including victims of domestic abuse or violent crime).
26 weeks paid leave for the primary caregiver following the birth, adoption, surrogacy or foster care of a child.
The secondary caregiver will also receive 26 weeks paid leave after 1 year of employment.
Unlimited paid time off.
Once a year, we have a company-wide week off.
Every Friday we try to have a no-meeting, no-deadline, no-email and no-Slack rule.

Company

Bumble Inc.

Bumble Inc. is the parent company of Bumble Date, BFF, and Badoo.

Funding

Current Stage
Late Stage

Leadership Team

Whitney Wolfe Herd
Founder and CEO
Anu Subramanian
CFO
Company data provided by crunchbase