Mattermost Logo

Mattermost

GRC Manager

Posted 13 Days Ago
Remote
Hiring Remotely in United States
139K-168K Annually
Senior level
Remote
Hiring Remotely in United States
139K-168K Annually
Senior level
Own and modernize the companys governance, risk, and compliance program across federal and commercial markets. Lead certification and surveillance cycles, run risk and third-party vendor programs, apply GRC engineering and AI for automation and continuous controls monitoring, coordinate external audits, manage customer security assurance, and grow a scalable GRC team.
The summary above was generated by AI
Mattermost is the leading collaborative workflow platform for defense, intelligence, security, and critical infrastructure. Trusted by the U.S. Department of War and Fortune 500s, our platform runs on-premises and in private clouds, delivering secure messaging, file sharing, workflow automation, audio/screenshare, and project management—all with full data and operational control. Mattermost powers high-stakes workflows across mission planning, real-time, real-world operations, DevSecOps, incident response, and cyber defense—enabling secure collaboration from tactical edge and DDIL environments to enterprise HQ. Teams operate across web, desktop, and mobile, with embedded interoperability for Microsoft Teams, Outlook, and Microsoft 365.
To learn more, visit www.mattermost.com

Mattermost is hiring a GRC Manager to own and modernize our governance, risk, and compliance program across both federal and commercial markets.

This is a program-ownership role for someone who brings a modern, engineering-led approach to compliance — harnessing GRC engineering and AI to reduce manual effort and scale our programs. You will own Mattermost's compliance posture end to end, accountable for our federal readiness and commercial certifications, and you will modernize how we run them: automated, continuously monitored, and AI-native.

You will do the hands-on compliance work while coordinating across internal stakeholders in engineering, infrastructure, and IT who implement controls, the external auditors who assess them, and the customers whose trust rests on the outcome. As the program scales, you will grow and lead the team behind it.

What You'll Do

  • Own and modernize Mattermost's compliance programs across federal and commercial markets
  • Lead readiness, certification, and surveillance cycles across both programs
  • Operate the risk management program end to end — from identification and assessment through treatment and acceptance
  • Own the third-party and vendor risk management program, including security assessments and supply chain risk
  • Apply GRC engineering and automation to replace manual evidence collection with continuous controls monitoring
  • Build AI-native workflows to accelerate and improve the quality of recurring compliance work
  • Maintain the control library, system security plans, POA&Ms, and policies
  • Coordinate external audits from scoping through remediation
  • Accelerate deal cycles by owning customer security questionnaires, trust center content, and reusable compliance artifacts
  • Grow and lead the GRC team as the program scales

What We're Looking For

  • Bachelor's degree in computer science, information security, or related field — or significant professional GRC and compliance experience
  • Proven senior-level experience in governance, risk, and compliance, security compliance, or IT audit, including direct ownership of a certification or authorization program
  • Experience with U.S. Federal standards including CMMC and NIST series (800-171 / 800-53)
  • Experience with ISO 27001 and SOC 2 Type II
  • Experience operating a formal risk management program
  • Experience running a third-party and vendor risk management program
  • Experience owning customer-facing security assurance, including security questionnaires and trust center content
  • Working knowledge of security controls for cloud environments (AWS, GCP, and/or Azure)
  • Excellent written and verbal communication skills

Nice to Have

  • Professional GRC certifications such as CISA, CRISC, CISM, CISSP, or CIPP
  • Experience working with AI platforms such as Claude, OpenAI, or Gemini
  • Experience with compliance automation tooling such as Vanta or Drata, and continuous controls monitoring
  • Direct experience applying AI or LLM-based workflows to GRC tasks
  • Proficiency in no-code automation or scripting languages
  • Past success in critical infrastructure industries including defense, cybersecurity, communications, or manufacturing

How Success Is Measured

  • CMMC Level 2 gap assessment and readiness roadmap delivered within first 90 days
  • SOC 2 Type II and ISO 27001 audit cycles completed on time without slippage
  • Manual evidence collection replaced with automated, continuously monitored controls
  • Customer security questionnaires and trust center content maintained to unblock deal cycles
  • GRC team grown and operating as a scalable, program-driven function

Why Mattermost

  • Mission-driven work: Your contributions directly support the organizations and missions that depend on secure, reliable collaboration
  • Remote-first culture: Work from anywhere with a globally distributed, high-trust team built for autonomy and ownership
  • Open source at the core: Be part of a vibrant developer community shaping the future of secure collaboration
  • AI-forward environment: We actively adopt and build AI-enabled workflows — you'll work with and on cutting-edge tooling
  • Unique scope: Own the compliance program end to end across both federal and commercial markets at a high-growth Series B company

Compensation

Mattermost takes a market-based approach to pay. Actual compensation may vary based on location, skills, experience, qualifications, and market conditions.

Target Salary Range: $139,254-$168,318

U.S. Eligibility & Compliance

This role requires U.S. citizenship. Candidates must be located in the United States and eligible to obtain and maintain a U.S. government security clearance. For more information visit Security Clearances — United States Department of State

Applicants must meet eligibility requirements for access to export-controlled information as defined by U.S. export control laws, including EAR and ITAR. For more information visit the Bureau of Industry and Security and the Directorate of Defense Trade Controls.


Mattermost is an EEO Employer, we are a remote-first, open-source company.
 
We are continually working to expand our hiring in more countries and regions, ensuring compliance with local laws and regulations, which takes time.
 
Mattermost values your unique perspective—we welcome all applicants. We encourage individuals from all backgrounds to apply and are committed to assessing candidates based on their skills and qualifications. We do not tolerate discrimination against staff or applicants based on race, religion, national origin, age, disability, pregnancy status, veteran status, or other personal characteristics.
 
If you require accommodations during the interview process, please let us know—we’re happy to assist.

Similar Jobs

Yesterday
Remote
United States
Senior level
Senior level
Artificial Intelligence • Information Technology • Software
Serve as a virtual CISO for a client portfolio: build executive relationships, lead security program and compliance roadmaps (SOC 2, ISO 27001, NIST, HIPAA, CMMC), guide risk assessments and remediation, represent clients in high-stakes calls, manage 3–5 analysts, leverage GRC platforms (Vanta/Drata/SecureFrame), and support practice development and pre-sales.
Top Skills: AWSAzureCcpaCmmcDoraDrataFedrampGCPGdprHipaaHitrustIso 27001Iso 42001Nist 800-171Nist 800-53Nist CsfSecureframeSoc 2Vanta
6 Days Ago
Remote
U.S.
207K-244K Annually
Senior level
207K-244K Annually
Senior level
Software
Lead strategy and roadmap for Vanta's GRC Platform, build shared platform primitives (search, imports/exports, custom fields, approval workflows), drive AI-first product redesigns, partner cross-functionally to prioritize and deliver platform features, define model evaluation, and measure adoption and business impact for enterprise customers.
Top Skills: AIAPIsBackend InfrastructureData Modeling
6 Days Ago
Remote
USA
110K-143K Annually
Senior level
110K-143K Annually
Senior level
Fintech • Payments • Financial Services
Manage and implement enterprise GRC programs using a GRC tool to enforce cyber laws, standards, and certifications (PCI DSS, NIST, SOC1/2). Oversee attestations, third-party risk, contract reviews, IT audit coordination, KPI reporting, and stakeholder education to mitigate cyber risk and ensure compliance.
Top Skills: Control AutomationDrataGrc ToolNist Ai RmfNist CsfOnetrustOptroPci DssSoc1/2Vanta

What you need to know about the Boston Tech Scene

Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.

Key Facts About Boston Tech

  • Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
  • Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
  • Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
  • Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account