Company hidden
9 months ago

Product GRC SME

158 000 - 186 000$
Work format
remote
Employment type
fulltime
Grade
middle/senior
English
b2
Country
UK/US/Australia +1 more
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Product GRC SME: Developing and maintaining multi-framework GRC solutions for thousands of customers, bridging Product Management, Engineering, Design, Sales, and Customer Success, with an emphasis on aligning solutions with security, privacy, and risk frameworks and real-world customer needs. Focus on designing, validating, and improving compliance-related content and capabilities and providing strategic input to shape the product roadmap.

Location: Flexible work hours and location

Salary: $158K - $186K

Company

hirify.global helps businesses earn and prove trust by providing a platform to monitor and verify security continuously.

What you will do

  • Build and maintain compliance frameworks for standards such as SOC 2, ISO/IEC 27001 & 27701, HIPAA, PCI DSS, NIST CSF, NIST SP 800-53, and regional regulations.
  • Design crosswalks and mappings (framework‑agnostic) and create and steward an internal common‑control approach informed by industry catalogs.
  • Elevate content quality and usability by defining standards for control wording, evidence specificity, testing method, and reviewer guidance.
  • Drive end‑to-end GRC product enablement by building modular content, guidance, and templates for risk management, issue & corrective action management, and policy management.
  • Act as a product advisor across discovery & design, partnering with PM/Design to support feature discovery and review UI/UX for control, evidence, and review workflows.
  • Partner with Product to drive roadmap, translating customer and market needs into GRC requirements.

Requirements

  • Experience: 5-7+ years in GRC and/or Information Security with hands‑on implementation or assessment across multiple frameworks.
  • Education (preferred) - Bachelor’s degree in Computer Science; advanced degree a plus.
  • Deep understanding of controls, risks, testing approaches, evidence standards, and program operations.
  • Product mindset with the ability to translate requirements into productizable capabilities.
  • Technical & automation (AI‑augmented) skills to build leverage with lightweight tools, LLMs, and automation workflows.
  • Certifications (preferred, not required) - One or more of: CISA, CISSP, CCSK/CCSK+, ISO 27001 Lead Implementer/Lead Auditor, CIPM/CIPT, PCI‑ISA/QSA.

Nice to have

  • Experience with privacy regulations (GDPR/CCPA), risk quantification (e.g., FAIR), audit/assessor background, or B2B SaaS content/enablement.

Culture & Benefits

  • Industry-competitive compensation.
  • 100% covered medical, dental, and vision benefits with dependents coverage.
  • Flexible work hours and location.
  • Open PTO policy.
  • 11 paid holidays in the US.
  • Offices in SF, NYC, London, Dublin, and Sydney.

Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code or password, or run code or software, do not do it; these are scammers. Be sure to click "Report" or write to support.