Mattermost
Mattermost is hiring a GRC Manager to own and modernize our governance, risk, and compliance program across both federal and commercial markets.
This is a program-ownership role for someone who brings a modern, engineering-led approach to compliance — harnessing GRC engineering and AI to reduce manual effort and scale our programs. You will own Mattermost’s compliance posture end to end, accountable for our federal readiness and commercial certifications, and you will modernize how we run them: automated, continuously monitored, and AI-native.
You will do the hands-on compliance work while coordinating across internal stakeholders in engineering, infrastructure, and IT who implement controls, the external auditors who assess them, and the customers whose trust rests on the outcome. As the program scales, you will grow and lead the team behind it.
What You’ll Do
- Own and modernize Mattermost’s compliance programs across federal and commercial markets
- Lead readiness, certification, and surveillance cycles across both programs
- Operate the risk management program end to end — from identification and assessment through treatment and acceptance
- Own the third-party and vendor risk management program, including security assessments and supply chain risk
- Apply GRC engineering and automation to replace manual evidence collection with continuous controls monitoring
- Build AI-native workflows to accelerate and improve the quality of recurring compliance work
- Maintain the control library, system security plans, POA&Ms, and policies
- Coordinate external audits from scoping through remediation
- Accelerate deal cycles by owning customer security questionnaires, trust center content, and reusable compliance artifacts
- Grow and lead the GRC team as the program scales
What We’re Looking For
- Bachelor’s degree in computer science, information security, or related field — or significant professional GRC and compliance experience
- Proven senior-level experience in governance, risk, and compliance, security compliance, or IT audit, including direct ownership of a certification or authorization program
- Experience with U.S. Federal standards including CMMC and NIST series (800-171 / 800-53)
- Experience with ISO 27001 and SOC 2 Type II
- Experience operating a formal risk management program
- Experience running a third-party and vendor risk management program
- Experience owning customer-facing security assurance, including security questionnaires and trust center content
- Working knowledge of security controls for cloud environments (AWS, GCP, and/or Azure)
- Excellent written and verbal communication skills
Nice to Have
- Professional GRC certifications such as CISA, CRISC, CISM, CISSP, or CIPP
- Experience working with AI platforms such as Claude, OpenAI, or Gemini
- Experience with compliance automation tooling such as Vanta or Drata, and continuous controls monitoring
- Direct experience applying AI or LLM-based workflows to GRC tasks
- Proficiency in no-code automation or scripting languages
- Past success in critical infrastructure industries including defense, cybersecurity, communications, or manufacturing
How Success Is Measured
- CMMC Level 2 gap assessment and readiness roadmap delivered within first 90 days
- SOC 2 Type II and ISO 27001 audit cycles completed on time without slippage
- Manual evidence collection replaced with automated, continuously monitored controls
- Customer security questionnaires and trust center content maintained to unblock deal cycles
- GRC team grown and operating as a scalable, program-driven function
Why Mattermost
- Mission-driven work: Your contributions directly support the organizations and missions that depend on secure, reliable collaboration
- Remote-first culture: Work from anywhere with a globally distributed, high-trust team built for autonomy and ownership
- Open source at the core: Be part of a vibrant developer community shaping the future of secure collaboration
- AI-forward environment: We actively adopt and build AI-enabled workflows — you’ll work with and on cutting-edge tooling
- Unique scope: Own the compliance program end to end across both federal and commercial markets at a high-growth Series B company
Compensation
Mattermost takes a market-based approach to pay. Actual compensation may vary based on location, skills, experience, qualifications, and market conditions.
Target Salary Range: $139,254-$168,318
U.S. Eligibility & Compliance
This role requires U.S. citizenship. Candidates must be located in the United States and eligible to obtain and maintain a U.S. government security clearance. For more information visit Security Clearances — United States Department of State
Applicants must meet eligibility requirements for access to export-controlled information as defined by U.S. export control laws, including EAR and ITAR. For more information visit the Bureau of Industry and Security and the Directorate of Defense Trade Controls.
To apply for this job please visit job-boards.greenhouse.io.
Explore Mattermost online
Working in United States
Weather right now in United States: checking… · Local time:
The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic consisting of 50 states and a federal capital district, Washington, D.C. The 48 contiguous states border Canada to the north and Mexico to the south, with the semi-exclave of Alaska in the northwest and the archipelago of Hawaii in the Pacific Ocean. The United States also asserts sovereignty over five major island territories and various uninhabited islands in Oceania and the Caribbean. It is a megadiverse country, with the world's th
🇺🇸 Relocation safety for US: Exercise Normal Caution — via Warnely, CC BY 4.0
Market context
- Similar listings in United States 2
Job details above are provided by the employer/source. The sections on this page are compiled from public data sources with AI assistance.
Accommodations: if you need a workplace accommodation to apply for or perform this job, see ADA.gov or EEOC.gov for guidance on your rights and how to request one.
Keep exploring on Get A Job.ai
Not quite the right fit? Your next opportunity is a click away.
- Browse all jobs
- More jobs by category
- Remote jobs you can do from anywhere
- Research typical pay for this role
- Set a job alert so new matches reach you first
- Upload your resume to apply faster
Hiring instead? Post a job and reach candidates searching right now.
