Retool
GRC Lead

Sorry, this job was removed at 06:19 p.m. (PST) on Friday, Mar 06, 2026
Remote or Hybrid
2 Locations
198K-288K Annually
ABOUT RETOOL
Nearly every company in the world runs on custom software for critical operations like tracking performance metrics, handling customer support workflows, building admin dashboards, and countless other processes you might not have even thought of. But most companies don't have adequate resources to properly invest in these tools, leading to a lot of old and clunky internal software or, even worse, users still stuck in manual and spreadsheet flows.

At Retool, we’re building the first enterprise AppGen platform: software that transforms natural language into production-ready code, integrates directly with business data, and meets the highest standards of security and governance. AI is redefining what it means to build software—and who gets to build it. The definition of “developer” now includes analysts, operators, and domain experts creating solutions directly. As the pool of builders widens, so does the complexity of what they need to build. The opportunity is enormous, but so is the challenge of enabling this larger community to build production-grade software safely. That means AI that understands real business data, enforces enterprise policies automatically, and empowers teams to create once and reuse everywhere with shared, trusted components.

Over 100 million hours of work have been automated by developers and domain experts using our platform, freeing them to focus on creative problem-solving and strategic initiatives that drive real business value. The people closest to knowing what needs to be built can now safely create custom solutions within enterprise guardrails. And that's a mission worth striving for.

Let's build the future together!
WHY WE’RE LOOKING FOR YOU
Retool's Trust Team is seeking an experienced GRC Lead to build and scale our governance, risk, and compliance program. Today, we maintain SOC 2 Type II and ISO 27001 certifications, but we're looking for someone who sees compliance not as a checkbox exercise, but as the foundation of customer trust and operational excellence.

In this role, you'll own the maturity journey from being merely "compliant" to true program excellence, building the processes, policies, and evidence infrastructure that let us confidently say what we do and demonstrably do what we say. You'll work at the nexus of security, legal, engineering, and go-to-market teams to ensure our compliance posture enables rather than constrains the business, and lets Engineering build safely at speed.

This is a hands-on role with strategic scope. You'll shape GRC strategy, scale our assurance capabilities, and build the operational muscle that enables Retool to earn and maintain customer trust at scale.
At Retool, we're not just building a product—we're building a company where security is foundational to everything we do. If you're passionate about leading a critical function in a dynamic, innovative environment, we'd love to hear from you. 

IN THIS ROLE, YOU WILL:
  • Own and mature our compliance programs (SOC 2, ISO 27001, and future frameworks), including audit preparation, evidence collection, and auditor relationships
  • Build and operate our customer assurance function, maintaining Trust Program documentation, managing security questionnaire responses, and supporting customer security reviews
  • Develop and govern security policies, standards, and procedures, ensuring alignment between documented controls and operational reality
  • Stand up and run our third-party risk management program, assessing vendor security posture across the procurement lifecycle
  • Establish risk management practices including risk identification, assessment, treatment tracking, and executive reporting
  • Partner with Engineering and Product teams to embed compliance considerations into development workflows without creating friction
  • Define metrics and reporting that demonstrate program effectiveness to senior leadership

THE SKILLSET YOU'LL BRING:
  • 8+ years in GRC, security compliance, or related roles, with experience building programs, not just operating within established ones
  • Deep expertise in SOC 2, ISO 27001, and familiarity with adjacent frameworks (NIST CSF and SSDF, etc.)
  • Experience supporting B2B SaaS sales cycles through customer security reviews and Trust documentation
  • Strong technical fluency, such that you can read a system architecture diagram and have credible conversations with engineers
  • Comfort with ambiguity and the ability to prioritize ruthlessly in a fast-moving environment
  • Excellent written and verbal communication, with the ability to translate compliance requirements into business terms
  • A builder's mindset for a company of builders: you think about automation, efficiency, and scalability, not just completeness

NICE TO HAVE:
  • Experience with FedRAMP, FISMA, or FIPS 140-2/3 compliance requirements
  • Familiarity with privacy frameworks (GDPR, CCPA) and their intersection with security compliance
  • Hands-on experience with GRC platforms (Vanta, Drata, Delve, etc.) and a perspective on how to use tooling to scale
  • Previous experience at a high-growth B2B SaaS company, particularly one selling to security-conscious enterprises
  • Relevant certifications (CISA, CRISC, CISSP, CIPP, or similar)
  • Experience building or contributing to customer-facing trust centers or security portals

For candidates based in the United States, the pay range for this role is listed below and represents the base salary range for non-commissionable roles or on-target earnings (OTE) for commissionable roles. This salary range may span several career levels at Retool and will be narrowed during the interview process based on factors such as (but not limited to) scope and responsibilities, the candidate's experience and qualifications, and location.
Additional compensation in the form(s) of equity and/or commission are dependent on the position offered. Retool provides a comprehensive benefit plan, including medical, dental, vision, and 401(k). Pay and benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefit plans.

The base pay range for this role is $198,300 – $288,225 per year.
Retool offers generous benefits to all employees and hybrid work location. For more information, please visit the benefits and perks section of our careers page!

Retool is currently set up to employ all roles in the US and specific roles in the UK. To find roles that can be employed in the UK, please refer to our careers page and review the indicated locations.
HQ

Retool San Francisco, California, USA Office

Retool's headquarters is in San Francisco's Mission District within walking distance to the 16th St. Bart station, great coffee shops, and SF institutions like Dandelion Chocolate and Tartine Manufacturing. We have dedicated parking, secure bike storage, and 24/7 onsite security.
