GRC Program Manager, Product and Customer Trust

📋 Description

• • Own and improve the customer trust operating model by defining intake, triage, escalation paths, SLAs, metrics, and quality review processes in partnership with Product, Security, Legal, Privacy, GTM, and Field Security teams.
• • Support strategic customer trust needs including responding to security questionnaires, facilitating customer calls, updating the Trust Center, and providing high-priority deal support for enterprise customers.
• • Partner with cross-functional teams to prepare accurate, approved trust materials for product launches and regulated product changes, ensuring external narratives align with internal controls.
• • Build reusable customer-facing narratives, FAQs, evidence paths, and whitepapers to reduce one-off work while maintaining strict control over security and compliance claims.
• • Ensure all external security and compliance claims are demonstrably supported by internal processes, controls, and documentation to maintain credibility with customers, auditors, and regulators.
• • Scale product launch reviews to prevent GRC from becoming a bottleneck, integrating assurance workflows into the product development lifecycle without compromising rigor.
• • Develop data handling guidance and paved paths for product teams to ensure alignment between internal practices and external commitments regarding user data.
• • Leverage automation and AI-native workflows—including Codex and related tooling—to improve speed, consistency, and scalability of assurance processes and reduce manual review overhead.
• • Turn recurring customer discovery requests into reusable content, product feedback loops, evidence improvements, and signals for control gaps to continuously strengthen the GRC function.
• • Maintain accurate and actionable information for customers, auditors, and regulators about how OpenAI handles user data, ensuring transparency without overstatement.
• • Translate complex technical security concepts into clear, precise, and accessible language for non-technical audiences including Sales, Field Security, Customer Success, and enterprise buyers.
• • Drive operational excellence in GRC by building scalable systems, metrics, and automation that enable high-volume assurance without sacrificing quality or accuracy.
• • Ensure product launches are aligned with regulatory expectations and enterprise trust requirements, particularly in regulated verticals such as Healthcare, Financial Services, and Advertising.
• • Act as a trusted advisor to GTM teams, providing approved, accurate, and legally vetted security and compliance narratives to enable customer acquisition and retention.
• • Distinguish between what can be answered directly, what requires review by Product/Security/Legal, and what should not be claimed externally, exercising strong judgment in external communications.
• • Continuously refine and evolve the GRC operating model to meet emerging regulatory expectations and the demands of enterprise-scale product deployments.