Sigma

Governance, Risk & Compliance (GRC) Manager

Sigma · San Francisco, CA

  • On site
  • Full-time
  • $215,000 / year
  • San Francisco, CA

Job highlights

  • Lead GRC programs for Sigma.
  • Build enterprise-wide GRC framework.
  • Manage risk, compliance, and governance.
  • Collaborate with cross-functional teams.
  • Enable business growth securely and confidently.

About the role

About Sigma

Sigma is the AI apps and analytics platform connected to the cloud data warehouse. Using Sigma, business and technical teams can build intelligent, production-ready AI apps that accelerate and automate operational workflows. Sigma provides a spreadsheet interface, SQL and Python editors, visual builders, and native AI to help teams turn live data into interactive applications, analysis, reports, and embedded experiences.

Sigma announced its $200M in Series D financing in May 2024, to continue transforming BI through its innovations in AI infrastructure, data application development, enterprise-wide collaboration, and business user adoption. Spark Capital and Avenir Growth Capital co-led the Series D funding round, with additional participation from a group of past investors including Snowflake Ventures and Sutter Hill Ventures. The Series D funding, raised at a valuation 60% higher than the company’s Series C round three years ago, promises to further accelerate Sigma’s growth.

Come join us!

Why Join Sigma

This is an opportunity to build a world-class GRC program that doesn't just check boxes but genuinely enables the business to pursue opportunities with confidence. You'll work across the entire organization, have direct access to the General Counsel, and make a tangible impact on how Sigma manages risk and creates value for customers.

Job Summary

Sigma is seeking an experienced Governance, Risk, and Compliance (GRC) Manager to lead and scale our governance, risk, and compliance programs. This role is based in our San Francisco or upcoming New York office and reports to the General Counsel. You'll have the opportunity to build a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk. You'll partner with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework that protects Sigma's interests, supports our strategic objectives, and builds stakeholder trust. You'll mature our governance structures, implement scalable risk management processes, and ensure compliance with applicable regulatory requirements—all while enabling the business to move quickly and confidently.

What You'll Do

Governance
  • Design and implement governance frameworks, including reporting, policy governance, and control oversight.
  • Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions.
  • Build and lead a governance committee structure that provides appropriate oversight and decision-making.
  • Create governance dashboards and metrics to provide visibility into program maturity and effectiveness.
  • Partner with leadership to align governance activities with business strategy and risk appetite.
Risk Management
  • Develop and operate a comprehensive Enterprise Risk Management (ERM) program.
  • Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register.
  • Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises.
  • Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring.
  • Create risk treatment plans and track remediation activities across the organization.
  • Facilitate risk-informed decision-making at all levels of the organization.
  • Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately.
Compliance
  • Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards.
  • Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact.
  • Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations.
  • Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations.
  • Manage security awareness training programs enterprise-wide.
  • Conduct internal audits and assessments to validate control effectiveness.
  • Coordinate external audits and assessments with third-party auditors.
Business Enablement
  • Support sales and customer success teams with compliance documentation and security inquiries.
  • Develop customer-facing materials that articulate Sigma's risk management and compliance posture.
  • Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires).
  • Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation.
  • Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements.

What You Bring

Required
  • 4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies.
  • Demonstrated experience building or significantly maturing a GRC program from the ground up.
  • Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar).
  • Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar).
  • Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.).
  • Experience developing and maintaining information security and privacy policies, procedures, and control frameworks.
  • Strong business acumen with ability to translate risk and compliance requirements into business value.
  • Excellent communication skills with ability to influence stakeholders at all levels, including leadership.
  • Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment.
  • Collaborative mindset and commitment to enabling business success while managing risk.
Preferred
  • Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar).
  • Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective.
  • Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters.
  • Familiarity with multi-state or international employment regulations.
  • Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar).
  • Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP.
  • Experience in high-growth SaaS or technology companies.
  • Background in both technical and operational risk management.
  • Experience working in organizations with distributed or remote teams.
  • Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP.

Benefits For Our Full-Time Employees

  • Equity
  • Generous health benefits
  • Flexible time off policy. Take the time off you need!
  • Paid bonding time for all new parents
  • Traditional and Roth 401k
  • Commuter and FSA benefits
  • Lunch Program
  • Dog friendly office

Equal Opportunity Employer Statement

Sigma Computing is an equal opportunity employer. We are committed to building a smart and strong team regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We look forward to learning how your experience can enable all of us to grow.

Key skills/competency

  • Governance, Risk, and Compliance (GRC)
  • Enterprise Risk Management (ERM)
  • Compliance Audits (SOC 2, ISO 27001, HIPAA)
  • Risk Management Frameworks (COSO, NIST)
  • Data Privacy Regulations (GDPR, CCPA)
  • Policy Development
  • Information Security
  • Third-Party Risk Management
  • Business Continuity Planning
  • Risk Assessment

How to get hired

Technical preparation

  • Study SOC 2, ISO 27001, and HIPAA requirements.
  • Familiarize yourself with the NIST RMF and COSO frameworks.
  • Review GDPR, CCPA, and other privacy regulations.
  • Understand cloud compliance in AWS, GCP, and Azure.

Behavioral questions

  • Describe building a GRC program from scratch.
  • How have you influenced senior leadership on risk?
  • Give an example of managing multiple priorities.
  • How do you balance risk management and business growth?

Frequently asked questions

What are the key responsibilities for the Governance, Risk, and Compliance Manager at Sigma?
The Governance, Risk, and Compliance (GRC) Manager at Sigma will design and implement governance frameworks, develop and operate an Enterprise Risk Management (ERM) program, own audit and certification programs (SOC 2, ISO 27001, HIPAA), and support sales teams with compliance documentation. This role is crucial for enabling business growth while managing organizational risk.
What qualifications are required for the GRC Manager position at Sigma?
Sigma requires at least 4 years of experience in governance, risk management, or compliance roles, preferably within SaaS or technology companies. You should have a demonstrated ability to build or mature a GRC program, a track record of leading certification audits, and experience with risk management frameworks. Strong knowledge of data privacy regulations and excellent communication skills are also essential.
What are the preferred qualifications for the GRC Manager role at Sigma?
Preferred qualifications include experience with GRC platforms like ServiceNow GRC or Archer, hands-on experience with cloud environments (GCP, AWS, Azure), and familiarity with continuous compliance automation tools. Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP are highly valued, as is experience in high-growth SaaS companies or with distributed/remote teams.
What is the reporting structure for the GRC Manager at Sigma?
The Governance, Risk, and Compliance Manager at Sigma reports directly to the General Counsel, indicating a high level of visibility and access to senior leadership.
How does Sigma use AI in its hiring process for the GRC Manager role?
Sigma utilizes artificial intelligence tools to assist in candidate screening and assessment for roles like the GRC Manager. These AI tools are designed to complement human decision-making rather than replace it, helping to identify suitable candidates efficiently.
What is the salary range for the GRC Manager position at Sigma?
The base salary range for the GRC Manager position at Sigma is $190,000 to $215,000 annually. Compensation may vary based on qualifications, skills, and experience, and the role is also eligible for stock options and a comprehensive benefits package.
Does Sigma offer remote work options for the GRC Manager position?
Sigma has an in-office work environment in its San Francisco and New York offices. Therefore, this Governance, Risk, and Compliance Manager role is not a remote position, requiring presence in one of the specified offices.
What kind of impact can a GRC Manager make at Sigma?
A GRC Manager at Sigma has the opportunity to build a world-class GRC program that genuinely enables the business to pursue opportunities with confidence. You will work across the entire organization, have direct access to the General Counsel, and make a tangible impact on how Sigma manages risk and creates value for customers.