
Manager, GRC Subject Matter Experts, Product

Job Overview

Location

Remote U.S.

Job Type

Full-time

Category

Management

Date Posted

May 21, 2026

Full Job Description

📋 Description

  • Lead a team of GRC Subject Matter Experts responsible for the lifecycle, quality, and product integration of Vanta’s compliance frameworks, tests, and content including SOC 2, ISO 27001/27701, HIPAA, PCI DSS, NIST, FedRAMP, and emerging regulations.
  • Hire, mentor, and develop SMEs across commercial and government frameworks, test authoring, framework quality uplift, and maintenance, ensuring technical depth and content quality meet high standards.
  • Establish and govern Vanta’s end-to-end framework release process in partnership with Product and Engineering, defining the playbook for scoping, building, reviewing, and shipping new frameworks, updates, automated tests, and crosswalks.
  • Own program management for GRC content initiatives including new framework launches, updates, update notes, customer escalations, content requests, PMM material reviews, and licensing/pricing input.
  • Drive quality uplift efforts for older commercial frameworks to ensure consistent, modern standards for control wording, evidence specificity, and testing methods across Vanta’s full library.
  • Set strategic direction for crosswalks and mappings across security and privacy frameworks, including canonical control IDs, mapping confidence levels, and evidence data dictionaries, and partner with Engineering to operationalize these in-product.
  • Act as a senior product advisor to Product Management and Design, contributing to discovery, PRD authoring, UI/UX reviews, and usability testing for GRC product features such as risk management, POA&M, policy management, access reviews, Trust Center, and third-party risk management.
  • Champion AI-assisted compliance by coaching SMEs to translate domain knowledge into machine-readable specs, evaluation sets, and guardrails, and partner with Engineering and ML teams to ship LLM-powered guidance and automation.
  • Represent the GRC framework portfolio externally by partnering with Sales, Customer Success, and Product Marketing to contribute to pricing, packaging, licensing, and customer-facing materials—including frameworks like HITRUST.
  • Serve as the senior escalation point for customer issues related to framework interpretation, scoping, and content accuracy, ensuring consistent and accurate responses to complex compliance inquiries.
  • Track and report KPIs to Security and Product leadership including framework release velocity, content quality, adoption rates, time-to-evidence, and customer impact using data to prioritize work.
  • Break down ambiguous and competing priorities across framework launches, updates, test authoring, and quality uplift into actionable decisions, balancing customer demand, market opportunity, and engineering capacity.
  • Maintain open feedback loops within the team and across functions—communicating priorities, risks, and progress clearly to ICs, engineers, GTM partners, customers, and executives.
  • Foster a stable, motivated team environment with clear operating rhythms, delegating effectively to build ownership and capability while proactively addressing team health issues with the People Business Partner.
  • Promote accountability and psychological safety by treating mistakes as learning opportunities, communicating progress transparently, and addressing misses directly without blame.
  • Contribute to the broader GRC product surface by ensuring SMEs are embedded in product development workflows, providing expert input on features dependent on compliance content and expertise.
  • Stay ahead of shifts in the regulatory landscape, customer needs, and product direction, adjusting team priorities to maintain alignment with Vanta’s overall strategy.
  • Utilize AI tools such as LLMs and pair-programming assistants to accelerate drafting of specs, mappings, and test logic, while establishing safe-use guidelines and reusable patterns for the team.
  • Work with large datasets and spreadsheets to ensure precision in control wording, mapping accuracy, and evidence specificity.
  • Provide input on GRC product features requiring deep domain expertise, ensuring technical accuracy and customer relevance in all compliance-related product outputs.

Skills & Technologies

Remote


About Vanta, Inc.

Vanta is a San Francisco-based compliance automation platform that helps businesses obtain and maintain SOC 2, ISO 27001, HIPAA, GDPR and other security certifications. Its cloud service continuously monitors infrastructure, collects audit evidence, runs automated tests and produces auditor-ready reports, reducing the manual effort and cost of demonstrating security posture to customers and regulators. Founded in 2017, the company primarily serves high-growth SaaS startups and mid-market technology firms.
