Lead GRC Program Manager
US TX Austin
Finance – Information Security Governance, Risk & Compliance (GRC) / Employee - Regular/Permanent / Hybrid
About Bumble
At Bumble, we’re building secure, AI-driven systems that empower connection and trust globally. Security and privacy are at the heart of that mission.
We’re seeking a Lead Security GRC Program Manager to lead our PCI, SOX, ITGC, and GDPR programs, driving audit excellence, automation maturity, and cross-functional compliance alignment across Bumble’s products and infrastructure.
This role is ideal for someone who thrives in fast-moving environments and knows how to transform compliance from a checkpoint into a scalable, automated enabler of trust.
Please note: We are unable to offer Visa transfers or Visa sponsorship
What You’ll Do
- Own Bumble’s Core Compliance Programs:
  - Lead end-to-end management of PCI, SOX, ITGC, and GDPR frameworks — from annual audit planning through evidence collection, remediation, and executive reporting.
- Drive Audit Efficiency & Automation:
  - Partner with Security Engineering, Finance IT, and Product teams to automate evidence workflows, control attestations, and testing pipelines via tools such as Drata, Vanta, or ServiceNow GRC.
- Lead SOX & ITGC Program Delivery:
  - Co-own SOX ITGC compliance with Finance IT, directly manage external audit partners, and maintain strong control hygiene across identity, change management, and infrastructure layers.
- Oversee PCI Compliance Operations:
  - Maintain Bumble’s PCI program scope, manage annual assessments, and coordinate with payments and infrastructure teams to ensure ongoing adherence and minimal audit fatigue.
- Steward GDPR Alignment:
  - Partner with Legal, Privacy, and Data Engineering to operationalize GDPR requirements, ensuring data protection principles and privacy-by-design controls are consistently validated.
- Report Risk & Remediation Metrics:
  - Build dashboards and KPI reports that provide visibility into audit readiness, control performance, and remediation progress for executive stakeholders.
Must-Haves
- Program Leadership Experience:
  - 6+ years of experience in Security GRC, audit, or compliance within a cloud-native or technology-driven environment.
  - Proven ownership of PCI, SOX, ITGC, and GDPR compliance programs — from planning through audit closure.
  - Demonstrated success driving measurable improvements in audit efficiency, control maturity, or automation adoption.
- Technical Acumen:
  - Strong working knowledge of cloud architectures, including hands-on experience operating in GCP environments. Experience with AWS is a plus. Candidates should also have a strong grasp of common ITGC control areas, including access management, change management, and incident response.
  - Experience integrating GRC tools with engineering systems (e.g., CI/CD pipelines, Jira, Slack, or identity platforms like Okta).
  - Ability to design or refine control automation workflows and collaborate with engineers on technical control implementation.
  - Practical understanding of data flow mapping and system-of-record validation to support GDPR evidence and privacy controls.
- Execution & Communication:
  - Track record of leading multi-stakeholder audits (Finance, Legal, Engineering, Privacy) and aligning diverse teams on deadlines and deliverables.
  - Skilled at presenting complex audit or risk topics to executive leadership using concise, data-driven insights.
  - Capable of drafting clear, audit-ready documentation and control narratives without excessive bureaucracy.
- Mindset & Operating Style:
  - Automation-first: Seeks opportunities to replace manual audit processes with system-driven controls.
  - Business-aligned: Understands how to balance compliance requirements with engineering velocity.
  - Outcome-driven: Measures success through reduced audit fatigue, improved evidence hygiene, and faster remediation cycles.
  - Collaborative: Builds trust with auditors and internal stakeholders through transparency and consistency.
Nice-to-Haves
- Hands-on experience automating evidence collection or audit testing workflows.
- Familiarity with data protection impact assessments (DPIAs) and GDPR privacy operations.
- Experience building or maintaining risk registers, executive dashboards, or compliance OKRs/KPIs.
- Certifications such as CISA, CISM, CISSP, CRISC, or ISO Lead Auditor.
- Background in payments, fintech, or regulated SaaS environments.
Global benefits
- Maven Fertility
We offer a $10,000 lifetime benefit opportunity to all employees and their partners around the world.
- Family & compassionate paid leave
Family leave to support you and your loved ones when needed.
- 26 weeks parental leave
26 weeks paid leave for the primary caregiver following the birth, adoption, surrogacy or foster care of a child.
- Unlimited paid time off
Take the time you need when you need it.
- Company-wide week off
Once a year, we have a company-wide week off.
- Focus Fridays
Every Friday we try to keep a no-meeting, no-deadline, no-email and no-Slack rule so you can focus without distraction.
About Us
Bumble Inc. is the parent company of Bumble Date, BFF, and Badoo. The Bumble platform enables people to build healthy and equitable relationships, through Kind Connections.
Inclusion at Bumble Inc.
Bumble Inc. is an equal opportunity employer and we strongly encourage people of all ages and colours, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply.
AI in Bumble Inc. Hiring
At Bumble, we may use AI tools to support parts of our recruitment process.