Are you ready to step into a high-impact role at a fast-growing, engineering-led SaaS company? We’re looking for a motivated GRC Manager to take ownership in a fully remote, cloud-native environment. This is your chance to build, evolve, and scale a foundational function within a lean, technical, and highly innovative team.
Location: Australia or New Zealand - remote first.
About The Company
We’re an Australian tech company operating entirely in the cloud. Our culture is engineering-first, remote-first, and deeply technical.
The Opportunity
This GRC Manager role is not about maintaining the status quo - it’s about taking ownership. You’ll be stepping into a space that needs structure, strategy, and proactive risk management. You’ll handle everything from SOC 2 compliance to risk appetite definition, vendor management, and customer security assurance. If you enjoy a blend of strategic planning and hands-on execution, this role is built for you.
What You’ll Do
- Build and mature enterprise risk frameworks, including identification, assessment, and remediation of key risks.
- Define the company’s risk appetite and establish risk management processes across the organisation.
- Design and implement GRC policies aligned with business objectives and regulatory expectations.
- Collaborate with engineering and operations teams to ensure Disaster Recovery and Business Continuity Plans are current and tested.
- Take ownership of SOC 2 Type 2 audits, including evidence collection, testing, and remediation tracking.
- Administer internal compliance automation tools for continuous monitoring.
- Implement automated workflows for risk tracking, vendor assurance, and control ownership.
- Oversee third-party risk assessments for vendors and service providers.
- Embed compliance practices into engineering and DevOps workflows.
What You Bring
- 5-8 years of hands-on GRC experience, ideally within SaaS or cloud-native organisations.
- Experience with SOC 2 and standard risk management frameworks.
- Comfortable being both a manager and a doer, rolling up your sleeves while shaping the strategy.
- Familiarity with cloud environments (AWS), SaaS architectures, and DevOps practices.
- Experience with compliance automation platforms.
- Desirable: familiarity with FedRAMP, AI compliance standards, or other emerging frameworks.
Why You’ll Love This Role
- Opportunity to define and scale a proactive, world-class GRC function.
- Work with highly technical, clever people in a lean, fast-moving company.
- Remote-first, flexible culture.
- Competitive salary, potential equity, and a sign-on bonus.
- Be part of something that will make a real impact from day one.
This is a unique chance to join a SaaS start-up at a pivotal stage, where your decisions will shape the future of risk and compliance across the business.
How to apply: Click apply or submit your CV to jasmine@decipherbureau.com for a 100% confidential, informal conversation where your privacy will absolutely be respected.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal-opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.