Retool · 1 month ago

GRC Lead

Retool's Trust Team is seeking an experienced GRC Lead to build and scale their governance, risk, and compliance program. The role involves owning compliance programs, developing security policies, and partnering with teams to ensure compliance enables business operations.

Tags: Enterprise Software, Productivity Tools, Software, Software Engineering

Growth Opportunities
H1B Sponsor Likely

Responsibilities

Own and mature our compliance programs (SOC 2, ISO 27001, and future frameworks), including audit preparation, evidence collection, and auditor relationships
Build and operate our customer assurance function, maintaining Trust Program documentation, managing security questionnaire responses, and supporting customer security reviews
Develop and govern security policies, standards, and procedures, ensuring alignment between documented controls and operational reality
Stand up and run our third-party risk management program, assessing vendor security posture across the procurement lifecycle
Establish risk management practices including risk identification, assessment, treatment tracking, and executive reporting
Partner with Engineering and Product teams to embed compliance considerations into development workflows without creating friction
Define metrics and reporting that demonstrate program effectiveness to senior leadership

Qualification

GRC expertise, SOC 2, ISO 27001, B2B SaaS experience, Risk management, Technical fluency, Builder's mindset, Compliance frameworks, GRC platforms, Relevant certifications, Communication skills

Required

8+ years in GRC, security compliance, or related roles, with experience building programs, not just operating within established ones
Deep expertise in SOC 2 and ISO 27001, and familiarity with adjacent frameworks (NIST CSF, NIST SSDF, etc.)
Experience supporting B2B SaaS sales cycles through customer security reviews and Trust documentation
Strong technical fluency, such that you can read a system architecture diagram and have credible conversations with engineers
Comfort with ambiguity and the ability to prioritize ruthlessly in a fast-moving environment
Excellent written and verbal communication, with the ability to translate compliance requirements into business terms
A builder's mindset for a company of builders: you think about automation, efficiency, and scalability, not just completeness

Preferred

Experience with FedRAMP, FISMA, or FIPS 140-2/3 compliance requirements
Familiarity with privacy frameworks (GDPR, CCPA) and their intersection with security compliance
Hands-on experience with GRC platforms (Vanta, Drata, Delve, etc.) and a perspective on how to use tooling to scale
Previous experience at a high-growth B2B SaaS company, particularly one selling to security-conscious enterprises
Relevant certifications (CISA, CRISC, CISSP, CIPP, or similar)
Experience building or contributing to customer-facing trust centers or security portals

Company

Retool is a software development company that offers solutions in AI apps, documentation, developer tools, and external apps.

H1B Sponsorship

Retool has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by the US Department of Labor)
[Chart: distribution of job fields receiving sponsorship, with fields similar to this job highlighted]
Trends of Total Sponsorships
2025 (13)
2024 (12)
2023 (5)
2022 (13)
2021 (4)
2020 (1)

Funding

Current Stage
Growth Stage
Total Funding
$141M
Key Investors
Sequoia Capital
2022-07-27  Series C · $45M
2021-12-22  Series C · $20M
2020-10-20  Series B · $50M

Leadership Team

David Hsu
Founder, CEO
Company data provided by crunchbase