GRC Lead


San Francisco, CA, US / Remote
  • Job Type: Full-Time
  • Function: IT
  • Industry: Consumer
  • Post Date: 01/14/2022
  • Company Address: 548 Market Street, #35410, San Francisco, CA, 94104

About Grammarly

Grammarly’s digital writing assistant helps more than 20 million people write more clearly and effectively every day. In building a product that scales across multiple platforms and devices, Grammarly works to empower users whenever and wherever they communicate.

Job Description

Grammarly offers a remote-first hybrid working model. Team members can work primarily remotely. Starting in 2022, teams will meet in person every quarter in one of Grammarly’s hubs, currently in San Francisco, Vancouver, New York, and Kyiv. To ensure that teams are able to overlap in their working hours and to meet face-to-face when needed, all team members need to live within three time zones of their direct team.

Grammarly team members who will be collaborating at our San Francisco hub must be based in the United States.

The opportunity 

Grammarly empowers people to thrive and connect, whenever and wherever they communicate. Every day, 30 million people and 30,000 teams around the world use our AI-powered writing assistant. All of this begins with our team collaborating in a values-driven and learning-oriented environment. 

To achieve our ambitious goals, we’re looking for a Security Compliance Lead to join our Governance, Risk, and Compliance team. This role will scale and lead the Security Compliance function at Grammarly. The Security Compliance Lead will help further scale our security compliance program, affirming and increasing trust in our security posture among our existing and prospective customers. This individual will work closely with a wide variety of global teams at Grammarly, including Engineering, Security, IT, Customer Support, Marketing, and Legal. 

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.

Your impact

As Security Compliance Lead, you will head the execution of our enterprise roadmap by developing our security compliance program, which will further expand our market coverage in the enterprise sector. 

In this role, you will:

  • Define the strategy that addresses the demands of our existing and future customers.
  • Build a team of professionals to support this strategy.
  • Maintain and further develop Grammarly’s security control framework in line with our values and culture.
  • Enable various teams at Grammarly to be efficient control owners by ensuring the controls address the risks while not imposing additional burdens and bureaucracy. 
  • Build a scalable cybersecurity risk assessment framework.
  • Maintain relationships with independent auditors.
  • Lead internal security audits.
  • Document and communicate our security practices to provide transparency to customers, prospects, and other stakeholders.
  • Further drive compliance efforts to enable us to enter increasingly regulated markets.

Within the first thirty days, you will establish meaningful relationships with your team and peers across the organization, get up to speed on all systems and technologies, and start to make an immediate impact on the compliance program.

By month three, you will own the global strategy for security compliance and take over direct leadership of the function. You will own the strategy and partner directly with the functional leads to understand their challenges and learn the demand. You will start growing the GRC team, which currently consists of one team member. 

By month six and beyond, you will set a long-term strategy for the global compliance program addressing Grammarly’s business objectives. You will design and grow the control framework and the supporting team to meet the needs of Grammarly’s ambitious growth targets. 

We’re looking for someone who

  • Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
  • Has exposure to the SaaS world and related global compliance requirements, with 5+ years of relevant experience.
  • Has 2 years of experience managing people and knows how to attract top talent, either from the market or their own network.
  • Has hands-on experience with auditing security frameworks such as SOC 2, ISO 270XX, SOX.
  • Has built a compliance program in a highly dynamic environment that is based on Agile principles.
  • Knows how to measure risk appetite and implement adequate compensating controls to support business objectives rather than impose excessive bureaucracy.
  • Is keen on automation and is constantly looking for ways to minimize manual operations.
  • Is strong at complex program management.

Bonus points for

  • BA or BS in a technical field or equivalent experience
  • Any of the following certifications: CISA, CISSP, CISM, or CCSP
  • Experience with business continuity programs and disaster recovery plan implementation

Support for you, professionally and personally

  • Professional growth: We hire people we trust, and we give team members autonomy to do their best work. We also support professional development with training, coaching, and regular feedback.
  • A connected team: Grammarly builds a product that helps people connect, and we apply this mindset to our own team. We have a highly collaborative culture supported by our EAGER values. We also take time to celebrate our colleagues and accomplishments with global, local, and team-specific events and programs.
  • Comprehensive benefits: Grammarly offers all team members competitive pay along with a benefits package that includes superior health care. We also offer support to set up a home office, ample and defined time off, gym and recreation stipends, admission discounts, and more.
  • For Colorado-based employment: The salary range for this position is $174,000 – $259,000/year; however, base pay offered may vary considerably depending on job-related knowledge, skills, and experience. The compensation package includes a wide range of medical, dental, vision, financial, and other benefits, as well as equity.

We encourage you to apply


At Grammarly, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Grammarly will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance. Grammarly is an equal opportunity employer and participant in the U.S. Federal E-Verify program.

Please note that Grammarly’s COVID-19 vaccination policy requires that all team members in North America be vaccinated against COVID-19 to meet in person for Grammarly business or to work from a North America hub location. It is expected that this will be a requirement for this role. Qualified candidates in North America who cannot be vaccinated for medical reasons or because of a sincerely held religious belief may request a reasonable accommodation to this policy. For Ukraine, this policy requires team members to be vaccinated or produce a daily negative COVID-19 test administered at the Kyiv hub to work from the hub or attend in-person meetings.
