Sr. Governance, Risk, and Compliance Lead - Remote

Overview

We are looking for a Sr. Lead, GRC (Governance, Risk, and Compliance) to strengthen Upwork’s Information Security program by leading audit readiness and compliance operations across global frameworks and vendor requirements.

In Short

• Lead and manage internal and external audits for ISO 27001 and SOC 2 Type 2.
• Own Upwork’s compliance with Microsoft Supplier Security and Privacy Assurance (SSPA).
• Maintain and evolve the Information Security Management System (ISMS).
• Collaborate with Engineering, IT, Legal, and Privacy teams.
• Monitor and report on the enterprise risk register and compliance metrics.
• Act as the primary point of contact for auditors and external stakeholders.
• Track and interpret changes in regulatory and compliance frameworks.

Requirements

• 5+ years of experience in GRC, Information Security, or Compliance.
• Proven expertise with ISO 27001, SOC 2, and third-party compliance programs.
• Demonstrated success managing end-to-end audit processes.
• Strong project management, communication, and analytical skills.
• Relevant certifications such as CISA, CRISC, or ISO 27001 Lead Auditor/Implementer.

Benefits

• Comprehensive medical coverage for you and your family.
• Unlimited PTO.
• 401(k) plan with matching.
• 12 weeks of paid parental leave.
• Employee Stock Purchase Plan.