Skip to content
 Subscribe to our Smart Commerce Newsletter for expert advice on growing your ecommerce business. Sign Up
  • English
  • Deutsch
  • 简体中文
Back to List

GRC Manager


IT, Security & Infrastructure


Atlanta, Bellevue, Chicago, Los Angeles

GRC Manager

GRC Manager

The opportunity:

Flexport helps more than 10,000 clients and suppliers lead all aspects of their supply chain operations. Started in 2013, we've raised over $1.3B from investors that include the SoftBank Vision Fund, Founders Fund, Google Ventures and Y Combinator.

With offices and infrastructure on three continents, our team is as global as our client base and we’re excited to continue building a product and service they love. Wherever you are, whichever role you play, you’re guaranteed to share your day with passionate and resourceful team members.

We are looking for a bright, passionate and dedicated individual to join our Security Compliance team to help Flexport establish itself as the most trusted company in the global trade ecosystem. You will collaborate closely with Security, Operations, Engineering, Legal, Finance, and Executive Management to implement security safeguards, manage security risk, lead security audits, build and maintain trust with our customers and users, drive continual process improvements, and creating industry leading trust and assurance programs. As the GRC Manager at Flexport, you will be responsible for and lead the audit certification lifecycles for current and future compliance initiatives. You will help to drive our certification roadmaps based on customer requirements while ensuring committed assessments are delivered on schedule. It also includes responsibility for managing critical security- and compliance-related projects.

You will:

  • Build, enforce, and maintain a common controls framework that aligns with applicable security policies, standards and regulations (e.g. ISO 27001, SOC 1/2, SOX ITGCs) and drive adoption of the program within the organization.
  • Scope and manage security and privacy certification and accreditation activities for multiple frameworks, including, but not limited to, ISO 27001 / 27017 / 27018 / 27701, SOC 1/2, NIST 800-53, Cloud Security Alliance Framework, EU Privacy - GDPR, and Privacy Shield. Additionally, serve in a project management capacity to ensure that appropriate teams are involved in audit and control testing activities.
  • Build and automate processes to achieve continuous compliance over technology control environment
  • Leverage automated compliance tools to monitor and report on compliance against security policies and standards, and related control activities.
  • Build relationships with other Flexport teams such as broader Security team, IT, Infrastructure, Engineering, Legal, and People team, to accomplish Security Compliance Team goals and ensure audit readiness and security compliance across the organization.
  • Develop and maintain security documentation including policies, standards, procedures, and security white papers.
  • Lead risk assessments to identify security risks across business functions, products, and systems. Oversee risk register and ongoing risk treatment lifecycle, including exceptions.
  • Lead internal audits of our security program and partner with internal stakeholders.
  • Identify the root cause of control gaps and exceptions and suggest remediation steps
  • Coordinate the quarterly User Access reviews process including information gathering, management responses tracking, and results review to follow through on corrective actions.
  • Lead organizational security and privacy awareness efforts, and implement a measured and managed awareness program.
  • Measure security program maturity and build plans for increasing maturity through projects, capabilities, and controls.
  • Provide Security Leadership with status and performance reporting related to compliance risk and control effectiveness.
  • Participate in security and compliance responses to RFPs and lead customer-driven security evaluations.
  • Partner with sales and legal teams to build and maintain customer trust.

You should have:

  • Candidate must be able to assimilate knowledge quickly, understand stakeholder's business challenges/risks, and act as a trusted advisor to lead change, policy adoption and monitor compliance against policies and standards.
  • Bachelor‘s Degree in Computer Information Systems or related field, preferred.
  • 6+ years in security compliance, risk management, IT audit, or information security assurance.
  • Strong knowledge of security risk management and leading internal/external audits/certification programs
  • In-depth knowledge of one or more industry and/or compliance regulations – ISO 27001, SOC 1/2, NIST 800-53,  PCI-DSS, HIPAA, International Privacy requirements (Europe, EU Privacy, PAC Rim including Privacy Shield).
  • Experience leading multiple audit efforts to successful outcomes, and maintaining successful outcomes in subsequent year audits.
  • Experience leading security risk assessments, maintaining risk registers, with a successful track record of company-wide collaboration/influencing to prioritize and remediate risks.
  • In-depth knowledge of information security audit, risk management and policy compliance.
  • Knowledge of, or experience working with, Cloud technologies/environments, AWS or other related cloud experience.
  • Knowledge of security tools and solutions such as Firewalls, IPS, Encryption and security monitoring, etc.
  • Strong listening and presentation skills necessary to understand, communicate with, and persuade, a wide range of audiences.
  • Strong cross-functional team program management abilities, including managing multiple assessments concurrently with different stakeholders and timelines.
  • Track record of taking initiative, having the ability to work independently, and be comfortable thriving in ambiguity.
  • The ability to travel globally, including China.
  • A "compliance first" attitude to keep our regulators happy and enthusiastic about Flexport since we operate in a heavily regulated industry

About Flexport:

At Flexport, we believe global trade can move the human race forward. That’s why it’s our mission to make it easy and accessible for everyone. We’re shaping the future of a $8.6T industry with solutions powered by innovative technology and exceptional people. Today, companies of all sizes—from emerging brands to Fortune 500s—use Flexport technology to move more than $19B of merchandise across 112 countries a year. 

The recent global supply chain crisis has put Flexport center stage as we continue to play a pivotal role in how goods move around the world. At a valuation of $8 billion, we’re experiencing record growth and are proud to have the support of the best investors in the game who believe in our mission, solutions and people. Ready to tackle global challenges that impact business, society, and the environment? Come join us.

Worried about not having any logistics experience?

Don’t be! Our mission is to make global trade easy for everyone. That’s why it’s important to bring people from diverse backgrounds and experiences together with our industry veterans to help move the global logistics industry forward.

We know this industry is complex. That’s why we invest in education starting day one with Flexport Academy, a one week intensive onboarding program designed specifically to set every new Flexport employee up for success. 

At Flexport, our ability to fulfill our mission of making global trade easy for everyone relies on having a diverse, dedicated and engaged workforce. That is why Flexport is committed to creating and nurturing an environment where anyone can be their authentic self. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, national origin, age, physical and mental disability, health status, marital and family status, sexual orientation, gender identity and expression, military and veteran status, and any other characteristic protected by applicable law.

Find Your Role at Flexport