At Buildkite, our mission is to unblock every developer on the planet. We’ve rethought how software delivery should work and have built a platform that is fast, reliable, secure, and able to scale to the needs of the most demanding high-growth tech companies globally including Airbnb, Shopify, Canva, PagerDuty, Lyft, and Pinterest.
Job Overview
We’re seeking a motivated Governance, Risk & Compliance (GRC) Manager to join our growing team and help strengthen our governance, risk, and compliance capabilities.
The successful applicant will be responsible for building and running programs that drive proactive risk identification and management, and help us scale with rapidly developing global regulatory frameworks. A key focus will be on maintaining our SOC 2 Type 2 compliance, managing and improving Vanta for continuous compliance, responding to customer security and vendor questionnaires, and supporting the assessment and introduction of additional regulatory frameworks as we scale.
You’ll work closely across the business to ensure that compliance is not just a checkbox, but a foundation for trust and efficiency. This role is ideal for someone who enjoys working in technology and wants a blend of strategic and practical work, as the role will require both planning risk and compliance initiatives and doing the day-to-day work to solve the problems that they find.
🚀 What You’ll Do
Governance, Risk & Policy Management
- Build and mature the enterprise risk management framework, including identification, assessment, and remediation of key risks
- Develop and implement data-driven analysis of risk to identify trends and insights, and assess, measure, and maintain compliance with existing regulatory and third-party frameworks
- Lead the design and implementation of GRC policies, ensuring they remain aligned with business objectives and regulatory expectations
- Work across the business to ensure Disaster Recovery and Business Continuity Plans are current and tested
- Design and implement company-wide training materials
- Facilitate risk and compliance updates with executive leadership and the board
Continuous Compliance & Vanta Administration
- Coordinate ongoing SOC 2 Type 2 audit cycle, ensuring evidence is complete and accurate
- Liaise with external auditors, coordinate testing, and manage audit requests
- Track and coordinate the remediation of audit findings or control gaps
- Own and manage Vanta as the central tool for continuous compliance and control monitoring
- Maintain integrations across corporate applications, AWS, and production infrastructure
- Track evidence collection, control testing, and remediation workflows
- Manage user access reviews, asset inventory, and control ownership within Vanta
Customer & Vendor Assurance
- Coordinate and respond to customer security questionnaires and due diligence requests
- Support completion of vendor risk assessments for tools and service providers
- Maintain documentation of standard responses, security posture summaries, and policy references
Compliance Operations & Improvement
- Continuously evaluate new GRC and compliance automation tools to enhance maturity and efficiency
- Monitor regulatory and industry trends relevant to SaaS, AWS cloud environments, and software development
- Partner with Engineering and Security teams to embed compliance into DevOps and CI/CD workflows
🎨 What You Bring
- 7+ years of experience in Governance, Risk, and Compliance, preferably within a SaaS or cloud-native company
- Experience designing and implementing risk management frameworks
- Familiarity with SOC 2, ISO 27001, or other compliance frameworks
- Experience with Vanta or similar compliance automation platforms (e.g., Drata, Secureframe, Tugboat Logic)
- Working understanding of AWS environments, SaaS architectures, and DevOps practices
- Excellent organization and communication skills; able to manage multiple stakeholders and priorities
Additional Experience That’s Useful:
- Exposure to audit processes and evidence collection for external assessments
- Experience handling customer security questionnaires or vendor risk management
- Knowledge of privacy and data protection standards (e.g., GDPR, CCPA)
✨ Why Join Buildkite
At Buildkite, we value kindness, autonomy, and collaboration. You’ll be part of a remote-first company where your work can make a meaningful impact – empowering engineers worldwide to build and deliver better software faster.
- Competitive compensation, including salary, equity, and benefits package
- Flexible, remote-first culture
- Opportunities for career progression and leadership development
- Help define and scale a proactive, world-class support function
- An inclusive, innovative culture where your ideas influence company direction
At Buildkite, we value diversity and celebrate all types of skills, backgrounds, and experiences. We’re dedicated to fostering an inclusive environment and providing reasonable accommodations throughout our recruitment process.
If you need any accommodations or support during the application or interview process, please reach out to us at accommodations@buildkite.com.