Grc Product Manager Jobs (NOW HIRING)

Product GRC SME

$171K - $201K/yr

The GRC Subject Matter Experts play a critical role in delivering high-quality, scalable content ... Acting as a bridge between Product Management, Engineering, Design, Sales, and Customer Success ...

As the Manager of the GRC Product Subject Matter Experts team at Vanta, you will lead the team responsible for the lifecycle, quality, and product integration of Vanta's frameworks, tests, and ...

Experience with access management, identity, GRC, security, or compliance products * Open to using AI to amplify their skills and strengthen their work - demonstrating curiosity, a willingness to ...

$145K - $185K/yr

... Product Managers across a suite of Origami products or modules, ensuring a cohesive vision and execution strategy. The GPM for Governance, Risk, & Compliance (GRC) is responsible for ensuring the ...

You'll work closely with Engineering and Product Managers to create interfaces that bring clarity ... You will report to our Director of Design within the Governance, Risk, and Compliance (GRC) Product ...

... product strategy, and market expansion goals * Influence cross-functional alignment and shape multi ... Manage audit strategy across programs and align GRC strategy with revenue-generating certifications.

Senior Product Manager

Seattle, WA · Remote

$129K - $150K/yr

Hyperproof is hiring a Senior Product Manager to join our strong and growing team ... About us Hyperproof is on a mission to transform the Governance, Risk, and Compliance (GRC) world ...

Grc Product Manager information

$51.5K

$159.4K

$197K

How much do GRC Product Manager jobs pay per year?

As of Jun 13, 2026, the average yearly pay for a GRC Product Manager in the United States is $159,405.00, according to ZipRecruiter salary data. Most workers in this role earn between $141,000.00 and $197,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a GRC Product Manager, and why are they important?

To excel as a GRC (Governance, Risk, and Compliance) Product Manager, you need a solid understanding of risk management frameworks, regulatory requirements, and product lifecycle management, usually backed by a degree in business, information security, or a related field. Familiarity with GRC platforms (such as RSA Archer, ServiceNow GRC, or LogicGate), Agile methodologies, and relevant certifications like CISSP or PMP is highly valuable. Strong interpersonal skills, strategic thinking, and the ability to communicate complex concepts clearly are crucial for collaborating across technical and non-technical teams. These competencies ensure the effective development and delivery of GRC solutions that meet organizational and regulatory needs.

How does a GRC Product Manager typically collaborate with cross-functional teams to deliver effective governance, risk, and compliance solutions?

As a GRC Product Manager, you'll work closely with engineering, legal, compliance, and risk management teams to ensure product features align with evolving regulatory requirements and organizational risk frameworks. Regular collaboration involves gathering input from stakeholders, translating compliance needs into product requirements, and facilitating user feedback sessions to refine solutions. You'll also coordinate with sales and customer success teams to educate clients on GRC product updates and support successful implementation. This cross-functional approach is essential for delivering robust, user-friendly GRC tools that address both business and regulatory needs.

What is the difference between a GRC Product Manager and a Compliance Analyst?

| Aspect | GRC Product Manager | Compliance Analyst |
| --- | --- | --- |
| Credentials | Certifications like CISA, CRISC, PMP often preferred | Certifications such as CISA, CIA, or compliance-specific training common |
| Work Environment | Collaborates with product teams, stakeholders, and IT departments | Works within compliance departments, audits, and regulatory teams |
| Industry Usage | Used across finance, healthcare, and tech sectors for risk and compliance products | Primarily in finance, healthcare, and corporate sectors focusing on regulatory adherence |

The GRC Product Manager focuses on developing and managing governance, risk, and compliance products, working closely with cross-functional teams. In contrast, the Compliance Analyst primarily ensures adherence to regulations through audits and monitoring. Both roles require compliance knowledge and certifications but differ in scope and responsibilities.

What are GRC Product Managers?

GRC Product Managers are professionals responsible for overseeing the development and management of products related to Governance, Risk, and Compliance (GRC) within an organization. They work at the intersection of business, technology, and regulatory requirements to ensure that GRC software or solutions meet both customer needs and compliance standards. Their role involves gathering requirements, prioritizing features, working with cross-functional teams, and staying updated on evolving regulations to continuously improve their GRC products.
Infographic showing various GRC Product Manager job openings in the United States as of June 2026, with employment types broken down into 79% Full Time, 19% Part Time, and 2% Contract. Highlights a 77% Physical, 9% Hybrid, and 14% Remote job distribution, with an average salary of $159,405 per year, or $76.6 per hour.
Product GRC SME

$171K - $201K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 27 days ago


Job description

At Vanta, our mission is to help businesses earn and prove trust. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it.
As Vanta rapidly grows and moves upmarket, we're working with increasingly sophisticated customers who have complex security and compliance needs across a wide range of industries and geographies. The GRC Subject Matter Experts play a critical role in delivering high-quality, scalable content and product guidance to help these companies effectively manage their GRC programs.
As Vanta's newest GRC Subject Matter Expert, you'll be responsible for developing and maintaining multi-framework GRC solutions used by thousands of customers. Acting as a bridge between Product Management, Engineering, Design, Sales, and Customer Success, you'll ensure our solutions align with key security, privacy, and risk frameworks and real-world customer needs. You'll play a pivotal role in designing, validating, and improving compliance-related content and capabilities while providing strategic input to shape Vanta's GRC product roadmap.
You'll join Vanta's Security organization, which provides essential security operational services, is directly involved in the software development process, sets policies and standards regarding enterprise-wide security requirements, and offers advisory services to enable our business to thrive while effectively managing risk. If you're someone who has high initiative and enjoys solving complex problems with real customer impact, we'd love to hear from you!
What you'll do as a GRC SME at Vanta:
  • Build and maintain compliance frameworks - Lead the creation, enhancement, and lifecycle management of controls, evidence requirements, and implementation guidance for standards such as SOC 2, ISO/IEC 27001 & 27701, HIPAA, PCI DSS, NIST CSF, NIST SP 800-53, and regional regulations (e.g., GDPR/CCPA). Author clear control rationales, acceptance criteria, and customer-facing guidance.
  • Design crosswalks and mappings (framework‑agnostic) - Create and steward an internal common‑control approach informed by industry catalogs (e.g., SCF, UCF, or similar). Maintain bidirectional crosswalks across industry leading security and privacy regulatory frameworks. Define canonical control IDs, mapping confidence, and evidence data dictionaries; version crosswalks with changelogs and traceability to source authority. Partner with Engineering to operationalize mappings in‑product (integrations, automated tests, exceptions/exemptions, continuous monitoring workflows).
  • Elevate content quality and usability - Define standards for control wording, evidence specificity, testing method, and reviewer guidance. Establish content QA processes, audits, and metrics (e.g., adoption, time-to-evidence, completion rates) to continually improve outcomes.
  • Drive end‑to‑end GRC product enablement - Build modular content, guidance, and templates for risk management (methodologies, scoring, KRIs), issue & corrective action management (POA&M), policy management (lifecycle, attestations), access reviews (SoD, recertification flows), customer trust / Trust Center artifacts, and third‑party risk management (TPRM) (due diligence, monitoring, contract clauses).
  • Act as a product advisor across discovery & design - Partner with PM/Design to support feature discovery (customer interviews, JTBD, task analysis), review UI/UX for control, evidence, and review workflows, run usability tests, and author PRDs/acceptance criteria grounded in auditor and customer needs.
  • Author automated tests & continuous monitoring - Translate controls/compliance knowledge and infrastructure contexts (cloud services, SaaS apps, on‑prem, endpoints, networks, CI/CD) into spec‑level automated tests and detectors in Vanta. Define test logic, data sources/integrations (APIs, logs, configs), edge cases, and acceptance criteria; pair with Engineering to implement, validate, and maintain detectors with versioned mappings to frameworks for continuous monitoring.
  • Partner with Product to drive roadmap - Translate customer and market needs into GRC requirements, propose experiments, and validate solutions through discovery with Design/UX Research. Influence prioritization using data and field insights; own a backlog for framework/content improvements.
  • Enable AI‑assisted compliance - Partner with Engineering/ML to design and ship LLM‑powered guidance and automation. Translate SME knowledge into machine‑readable specs (schemas, ontologies, prompts), define gold‑standard evaluation sets and acceptance criteria, and implement quality/safety guardrails (red‑teaming, refusal policy, privacy controls). Instrument features to monitor accuracy and drift in production.
  • Synthesize feedback loops - Analyze input from customers, auditors/assessors, partners, and internal teams to identify gaps, resolve issues, and deliver iterative updates quickly and safely.

How to be successful in this role:
  • Experience - 5-7+ years in GRC and/or Information Security with hands‑on implementation or assessment across multiple frameworks (e.g., SOC 2, ISO 27001/27701, HIPAA, PCI DSS, NIST CSF/800‑53). Experience with cloud environments and SaaS is strongly preferred. Federal experience (e.g., FedRAMP) is a plus but not required.
  • Education (preferred) - Bachelor's degree in Computer Science; advanced degree a plus.
  • GRC craft - Deep understanding of controls, risks, testing approaches, evidence standards, and program operations (policies, risk registers, issues/POA&M management, vendor risk, continuous monitoring).
  • Product mindset - Ability to translate requirements into productizable capabilities; comfort with experimentation and data‑driven prioritization.
  • Technical & automation (AI‑augmented) - Build leverage with lightweight tools, LLMs, and automation workflows:
      • Use AI pair‑programming tools (e.g., GitHub Copilot, Cursor) to accelerate drafting of specs, mappings, queries, and test logic.
      • Own simple automations that stitch together Sheets/Airtable, APIs, and webhooks to remove toil (e.g., mapping QA, evidence normalization, exception routing).
      • Design AI‑augmented workflows across teams (e.g., LLM‑assisted control guidance, assessor Q&A triage, remediation suggestions) and measure outcomes (precision/recall, time‑to‑evidence, FP/FN rates).
      • Establish safe‑use guidelines and reusable patterns for prompts/agents (versioning, evaluation, privacy) and enable adoption with playbooks and templates.
  • Analytical & detail‑oriented - Skilled at precise control wording, mapping accuracy, and evidence specificity; comfortable working in spreadsheets and large data sets (lookups, pivots).
  • Communication & collaboration - Excellent written and verbal skills; able to partner effectively with engineers, designers, GTM teams, auditors, and customers.
  • Self-motivated and independent - Able to work autonomously while contributing to team success.
  • Helpful and resourceful - Willing & excited to support cross-functional teams and improve compliance content.
  • Adaptable in a fast-paced environment - Skilled at managing change, solving problems proactively, and taking initiative.
  • Nice‑to‑have - Experience with privacy regulations (GDPR/CCPA), risk quantification (e.g., FAIR), audit/assessor background, or B2B SaaS content/enablement.
  • Certifications (preferred, not required) - One or more of: CISA, CISSP, CCSK/CCSK+, ISO 27001 Lead Implementer/Lead Auditor, CIPM/CIPT, PCI‑ISA/QSA.
  • Open to using AI to amplify their skills and strengthen their work - demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact.

What you can expect as a Vanta'n:
  • Industry-competitive salary and equity
  • Comprehensive medical, dental, and vision coverage, with 100% of employee-only benefit premiums covered for most medical plans
  • 16 weeks paid Parental Leave for all new parents
  • Health & wellness stipend
  • Remote workspace, internet, and cellphone stipend
  • Commuter benefits for team members who report to the SF and NYC office
  • Family planning benefits
  • Matching 401(k) contribution with immediate vesting
  • Flexible PTO policy, plus 80 hours of Sick Time
  • 11 company-paid holidays
  • Virtual team building activities, lunch and learns, and other company-wide events!
  • Offices in SF, NYC, London, Dublin, Tel Aviv, and Sydney

To provide greater transparency to candidates, we share base pay ranges for all US-based job postings regardless of state. We set standard base pay ranges for all roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.
At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.
About Vanta
We started in 2018, in the wake of several high-profile data breaches. Online security was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation. Vanta was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged.
Now more than ever, making security continuous, not just a point-in-time check, is essential. Thousands of companies rely on Vanta to build, maintain and demonstrate their trust, all in a way that's real-time and transparent.
Referral Instructions
If you are being referred for the role, please contact that person to apply on your behalf.