About the Role:

Redpanda is looking for an accomplished and forward-thinking GRC Program Manager to establish and grow our governance, risk and compliance initiatives. In this newly-created role, you will consolidate security, privacy, compliance and risk management functions, partnering closely with HR, IT, Security Engineering and the rest of the internal teams. You will be responsible for defining and executing compliance initiatives, establishing and cultivating a strategic vision to unlock business value.

You are:

• Passionate about enabling corporate policies and practices to deliver security, privacy and compliance value to the business
• Equally comfortable as a self-starter, capable of rolling up your sleeves and partnering with leaders across the business
• Accountable, yet able to delegate as a trusted partner with other leaders and stakeholders
• Practical in ruthless prioritization to maximize business value and resolute in execution
• Eager to thrive in a remote-first, fast-growing, global SaaS start-up company 

You Will:

• Maintain SOC2 and HIPAA compliance and design/facilitate future compliance initiatives supporting business objectives
• Maintain subject matter expertise of applicable privacy laws and regulations and align corporate practices as required
• Maintain and administer compliance tooling, evidence and associated documentation
• Coordinate internal and third party compliance audits for security and privacy, liaising between third party auditors and internal staff
• Partner with internal business function leaders (e.g., IT, Security Engineering, vendor procurement, People & Talent, etc.) to deliver successful, business-enabling security, privacy and risk management practices 
• Develop, update, and/or maintain standard operating procedures, including any associated KPIs and reporting
• Coordinate consistent, accurate and efficient responses to prospective and existing customer security questionnaires
• Orchestrate regular review of the corporate risk matrix
• Provide functional expertise to support the organization's risk identification, assessment and treatment processes
• Serve as corporate Data Protection Officer (DPO)

You Have:

• 4 years of experience in security, privacy and/or compliance roles supporting software development, ideally in an enterprise SaaS context
• Deep knowledge of compliance frameworks and regulations including: SOC2, HIPAA, GDPR, PCI/DSS
• Proven ability to implement/manage security, privacy and risk management compliance programs
• Demonstrated ability to deliver results collaboratively in a matrix reporting structure through establishing shared strategic vision
• Keen interest and experience working remotely with a 100% distributed team
• Strong verbal and written communication skills and demonstrated technical competency, with adaptability to address targeted audiences from diverse teams and roles (individual contributors to executives)
• An ability to empathize with your fellow employees, designing and negotiating policies and procedures that enable needed business outcomes while minimizing friction and overhead

Please highlight if applicable to you:

• Specific experience with SOC2, HIPAA, or GDPR 

U.S. base salary range for this role is $187,000 - $220,000 (CA, NY, WA) and $178,000 - $210,000 (other US locations) . Our salary ranges are determined by role, level, and location. As a remote-first company, we strive to consider each candidate's job-related skills, location, experience, relevant education or training to determine individual base salary. Your talent partner will share more about the specific salary range for your preferred location during the hiring process.