Swimlane · 1 month ago
GRC Lead
Swimlane is a rapidly growing, innovative startup that provides cloud-scale, low-code security automation for organizations of all industries and sizes. The GRC Lead will own and evolve the security compliance program, manage external audits, and partner with various departments to ensure compliance with security regulations and standards.
Tags: Computer, Cyber Security, Network Security, Security, Software
Responsibilities
Lead external audit engagements for SOC 2 Type II, ISO 27001, ISO 27701, ISO 42001, and CSA STAR
Own the relationship with external auditors and certification bodies
Develop and drive Swimlane’s compliance maturity roadmap, including future programs such as FedRAMP, CMMC, the EU AI Act, IRAP, and additional emerging frameworks
Monitor evolving regulations, industry standards, and global compliance requirements impacting security, privacy, and AI governance
Develop, maintain, and continuously improve policies, procedures, and plans within Swimlane’s integrated management system (security, privacy, and AI governance)
Coordinate annual policy and documentation reviews in alignment with audit schedules and certification timelines
Assign and reinforce control ownership across business units, ensuring accountability and operational alignment
Provide guidance to teams to ensure organizational processes and business objectives remain compliant with policies and regulatory expectations
Define and track key GRC metrics (KPIs/KRIs), such as policy exceptions, risk register health, audit status, and control performance
Oversee the annual risk assessment and risk treatment planning aligned to ISO 27001, ISO 27701, and ISO 42001 requirements
Conduct targeted risk assessments and gap analyses to support strategic initiatives and emerging risks
Drive continuous improvement of enterprise risk processes and alignment of risk ownership across all departments
Collaborate closely with Engineering and Product teams to embed risk management into roadmaps and development processes
Lead full lifecycle internal audit engagements (planning, execution, reporting, and remediation)
Manage internal audits required for certification under ISO 27001, ISO 27701, and ISO 42001
Implement and configure automation solutions for continuous control monitoring in partnership with GRC engineering resources
Conduct risk assessments and due diligence for all new vendors and technology partners
Maintain a complete and up-to-date third-party inventory and oversee ongoing monitoring activities
Ensure third-party risk practices align with Swimlane’s broader compliance obligations
Own and maintain the company’s external Trust Center, ensuring accurate and up-to-date documentation
Lead the completion of customer security questionnaires, RFPs, and all due diligence processes
Curate, organize, and maintain a repository of GRC documentation for external stakeholders (prospects, customers, partners, auditors)
Serve as the primary SME for GRC topics, requiring strong familiarity with security architecture, engineering controls, and AI-related governance
Facilitate annual updates to the Business Continuity (BC) and Disaster Recovery (DR) plans
Coordinate BC/DR tabletop exercises and ensure alignment to audit and certification requirements
Support validation of cloud service availability, backup restoration, resiliency processes, and incident response playbooks
Deliver and track company-wide security awareness training
Develop role-specific training programs, including secure development, data protection, and acceptable use of AI technologies, aligned with compliance mandates
Qualifications
Required
10+ years of experience in GRC, security compliance, risk management, or a related discipline
Hands-on experience managing SOC 2, ISO 27001, or similar security frameworks and audits
Strong understanding of security controls, compliance requirements, and industry best practices
Experience managing security questionnaires, RFP/RFI responses, or customer security due diligence processes
Excellent project management and organizational skills; ability to prioritize and manage multiple concurrent requests
Strong communication skills and comfort working with both internal stakeholders and external auditors
Location: This role is based in India, and candidates must be current residents of India before applying to be considered
Preferred
Familiarity with compliance or RFP tools is a plus
Benefits
Competitive Benefits & Compensation
Stock Options
Training & Professional Development Opportunities
MacBook Pro
Great Company Culture
We value collaboration and innovation
Give-back Volunteering Opportunities
Company
Swimlane
Swimlane is a developer of a security orchestration and response platform used to deliver security automation to organizations.
Funding
Current Stage: Growth Stage
Total Funding: $182M
Key Investors: Activate Capital Partners, Energy Impact Partners
2025-06-10 · Private Equity · $45M
2022-07-06 · Series C · $70M
2021-01-19 · Series Unknown · $40M
Recent News
2025-11-23 · Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors
Company data provided by crunchbase