We are a team of doers, seasoned engineers, hackers and builders, working on the future of streaming data.
Funded by premier investors including GV and Lightspeed, Redpanda is building the streaming data platform for developers. We’re evolving streaming beyond the Apache Kafka® protocol into a unified “engine of record” that delivers a categorical reduction in complexity, wicked-fast performance, onboard Wasm transforms, and transparent tiered storage that gives consumers access to both real-time and historical data from a single API.
About the Role:
Redpanda is looking for an accomplished and forward-thinking GRC Program Manager to establish and grow our governance, risk and compliance initiatives. In this newly-created role, you will consolidate security, privacy, compliance and risk management functions, partnering closely with HR, IT, Security Engineering and the rest of the internal teams. You will be responsible for defining and executing compliance initiatives, establishing and cultivating a strategic vision to unlock business value.
You are:
Passionate about enabling corporate policies and practices to deliver security, privacy and compliance value to the business
Equally comfortable as a self-starter, capable of rolling up your sleeves and partnering with leaders across the business
Accountable, yet able to delegate as a trusted partner with other leaders and stakeholders
Practical in ruthless prioritization to maximize business value and resolute in execution
Eager to thrive in a remote-first, fast-growing, global SaaS start-up company
You Will:
Maintain SOC2 and HIPAA compliance and design/facilitate future compliance initiatives supporting business objectives
Maintain subject matter expertise of applicable privacy laws and regulations and align corporate practices as required
Maintain and administer compliance tooling, evidence and associated documentation
Coordinate internal and third party compliance audits for security and privacy, liaising between third party auditors and internal staff
Partner with internal business function leaders (e.g., IT, Security Engineering, vendor procurement, People & Talent, etc.) to deliver successful, business-enabling security, privacy and risk management practices
Develop, update, and/or maintain standard operating procedures, including any associated KPIs and reporting
Coordinate consistent, accurate and efficient responses to prospective and existing customer security questionnaires
Orchestrate regular review of the corporate risk matrix
Provide functional expertise to support the organization's risk identification, assessment and treatment processes
Serve as corporate Data Protection Officer (DPO)
You Have:
4+ years of experience in security, privacy and/or compliance roles supporting software development, ideally in an enterprise SaaS context
Deep knowledge of compliance frameworks and regulations including: SOC2, HIPAA, GDPR, PCI/DSS
Proven ability to implement/manage security, privacy and risk management compliance programs
Demonstrated ability to deliver results collaboratively in a matrix reporting structure through establishing shared strategic vision
Keen interest and experience working remotely with a 100% distributed team
Strong verbal and written communication skills and demonstrated technical competency, with adaptability to address targeted audiences from diverse teams and roles (individual contributors to executives)
An ability to empathize with your fellow employees, designing and negotiating policies and procedures that enable needed business outcomes while minimizing friction and overhead
Please highlight if applicable to you:
Specific experience with SOC2, HIPAA, or GDPR
U.S. base salary range for this role is $187,000 - $220,000 (CA, NY, WA) and $178,000 - $210,000 (other US locations). Our salary ranges are determined by role, level, and location. As a remote-first company, we strive to consider each candidate's job-related skills, location, experience, relevant education or training to determine individual base salary. Your talent partner will share more about the specific salary range for your preferred location during the hiring process.
Redpanda is used by Fortune 1000 enterprises pushing hundreds of terabytes a day, as well as by the solo dev prototyping a React application on her laptop. Think of it as a streaming data API platform that scales with you from the smallest projects to petabytes of data distributed across the globe. Join Redpanda if you’d enjoy being part of a fast-moving, 100% remote organization with team members around the globe and a culture based on trust, transparency, communication, and kindness.