GRC Program Manager

Deputy

Posted about 12 hours ago

Deputy is a global SaaS workforce management company with hubs in Sydney, Melbourne, San Francisco and London, plus team members working remotely across the United States. Our platform serves over 1.5 million workers and 375,000 workplaces across 100+ countries. We are backed by top global investors and recently achieved Unicorn status. 
 
At Deputy, we’re improving the world of work, one shift at a time, for 80% of the world’s workforce: hourly workers. These are the dedicated employees who keep our world running – from baristas to nurses, cleaners to delivery drivers, florists to factory workers. Despite their vital role in society, most workplace technology has focused on those workers who sit behind a desk, but at Deputy, we transform the frontline. When businesses use Deputy, their workplaces thrive – the business is more profitable, compliant, and productive, while the workers are more engaged and happier at work.
 
We're becoming an AI-native company, a commitment that means you'll be empowered (and expected) to use AI tools and thinking in your day-to-day work. You'll have the training, support, and freedom to use AI responsibly and creatively to spark ideas, solve problems faster, and unlock new ways of working.
 
If you’re passionate about creating solutions that put people first and helping businesses and their teams thrive, join us at Deputy and make an impact where it matters most!

The Role

As the GRC Program Manager, you will be empowered with AI to be the sole custodian and operator of Deputy’s integrated governance program. This is a highly impactful, "hands-on" role that requires a unique blend of strategic framework design and tactical, daily execution.

Reporting to the Senior Director of Security, you will be a true GRC Swiss Army Knife—responsible for building, running, and maintaining our comprehensive programs across Security, Privacy, AI Governance, and Data Governance, while simultaneously executing core security certifications (ISO 27001, SOC2, PCI-DSS) and managing high-volume compliance workflows.

### Responsibilities

Program Execution & Framework Management (The Doing):

  • AI, Security & Privacy Controls: Design, implement, and personally monitor the internal controls required to achieve and maintain the ISO 42001 (AI) and ISO 27001 certifications, as well as adherence to the NIST AI and Privacy Frameworks.
  • Audit Execution: Act as the primary hands-on coordinator for all internal and external audits, including evidence collection, control testing, and remediation tracking.
  • Daily Workflow Management: Own and execute the daily operational GRC pipeline, leveraging AI-driven automation tools to efficiently manage third-party vendor risk assessments and customer security questionnaires.

Active Stakeholder Integration & Policy:

  • Proactive Engagement: Embed yourself directly into product and engineering lifecycles at the initiation phase. Attend project kick-offs, actively listen, and translate business targets into GRC requirements.
  • Policy Creation & Maintenance: Author, update, and roll out company policies associated with data protection, privacy-by-design, and ethical AI utilization.
  • Business Acumen: Align risk and compliance activities with Deputy's broader operational goals, ensuring GRC is an enabler of business growth rather than an isolated silo.

Risk & Trust Enablement:

  • Risk Assessments: Perform comprehensive, cross-functional risk assessments on new systems, internal operations, and product features, providing actionable mitigation steps.
  • Sales Enablement: Serve as the point of escalation for compliance-related customer security inquiries, maintaining standard response repositories to accelerate sales velocity.

### Skills & Experience

  • Experience: 5+ years of hands-on experience in GRC roles within a fast-paced SaaS environment, with a proven track record of executing audits and building compliance workflows from scratch.
  • The "Swiss Army Knife" Mindset: Demonstrated ability to pivot seamlessly between high-level policy writing and granular evidence collection; comfortable operating as an individual contributor who owns both strategy and administrative execution.
  • Framework Expertise: Strong working knowledge of ISO 27001, SOC2, PCI-DSS, and emerging international standards such as ISO 42001 (AI).
  • Communication: Exceptional active listening and interpersonal skills, with a demonstrated ability to influence cross-functional decisions and "read the room" to adapt strategies to company priorities.
  • Nice to have - Certifications: Advanced certifications reflecting both security and privacy execution are highly preferred (CISSP, CIPP/E, CIPM, CISA, CISM, or CRISC).

### Employee Perks

  • Enjoy a flexible work policy (with a work-from-home stipend to set you up for success!)
  • Own a piece of Deputy via our Employee Share Ownership Plan (ESOP)
  • Take paid parental leave to support you and your family
  • Stay protected with Group Salary Continuance Insurance
  • Access support through our Employee Assistance Program
  • Enjoy additional leave days — including study assistance, celebration days and volunteering
  • Join our global working groups focused on collaboration, belonging and connection
  • Get creative at our annual Hackathons
  • Take advantage of our novated leasing for electric vehicles, internet reimbursement and more!
     
     

Job details

  • Workplace: Office
  • Location: Sydney
  • Experience: SE
