Program Manager, Governance, Risk And Compliance

OverviewMongoDB's mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data.We enable organizations of all sizes to easily build, scale, and run modern applications by helping them modernize legacy workloads, embrace innovation, and unleash AI.Our industry-leading developer data platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available in more than 115 regions across AWS, Google Cloud, and Microsoft Azure.Atlas allows customers to build and run applications anywhere—on premises, or across cloud providers.With offices worldwide and over 175,000 new developers signing up to use MongoDB every month, it's no wonder that leading organizations, like Samsung and Toyota, trust MongoDB to build next-generation, AI-powered applications.MongoDB aligns its practices to multiple compliance frameworks in order to support our customer's needs and help them to meet their regulatory and policy objectives.As we continue to grow and expand our compliance frameworks scope, the GRC team is building a resilient and scalable Program to help MongoDB navigate through the complexity and ambiguity of the compliance, regulatory, financial and technology risk landscape.Working closely with Commercial and Public Compliance sector teams, the GRC Program Manager role will lead the maintenance effort of the Common Controls Framework, focus on optimizing and scaling of our GRC compliance processes and help to define roadmaps and necessary capabilities for future GRC programs.The GRC Program Manager should be experienced in information security and compliance research, planning and delivering projects and programs, including 'hands-on' delivery and transition to Business as Usual and driving process modeling and improvements.The successful candidate should have demonstrated an experience with compliance control mapping, performing gap analysis and capturing, defining and communicating requirements.In addition, experience in process and product development in a Cloud environment would be most beneficial.This position is a unique opportunity to explore a robust scope of information security frameworks and be innovative in designing our scaling strategy.We're looking for someone who is excited to take initiative and willing to learn.We are looking to speak to candidates who are based in Dublin for our hybrid working model.Position ExpectationsManage the Common Controls Framework (CCF) lifecycle, including design, implementation, maintenance, and continuous improvementLead the quarterly and annual CCF control review processes, coordinating cross-functional input to assess control effectiveness, validate ownership, and capture updates across all applicable frameworks.Use findings to drive remediation, improve control maturity, and inform audit readiness and program reportingLead cross-functional coordination with engineering, security, product, legal, privacy, and operations teams to align control implementation and monitoringServe as the connective tissue across multiple compliance frameworks (e.g., FedRAMP, NIST ******, ISO *****, SOC 2, HIPAA, PCI, GDPR)Drive control harmonization, ensuring all relevant frameworks are mapped and aligned to minimize duplication of effort and audit fatigueBuild and maintain a centralized controls library, including ownership assignment, testing cadence, and evidence automationPartner with security and GRC teams to establish and track key performance indicators (e.g., control maturity, testing success rate, audit readiness)Act as the liaison to external auditors and assessors during evidence collection, walkthroughs, and remediation trackingLead program reviews, reporting status to executive leadership and identifying areas for program enhancementEvangelize a compliance-as-a-service model, helping teams integrate security and compliance into development workflowsFeed relevant data points into the information risk assessment process (ex: identifying gaps that may translate to risks; identifying low maturity assessment scores that may translate to risk)Collaborate with compliance team leads on defining roadmaps and necessary capabilities for future GRC programsSupport operational activities such as control performance assessment via NIST CSF Maturity assessment and monitoring of effectiveness of the GRC ProgramsSupport the GRC functions to help drive through ad-hoc deliverables as requiredLead efforts to ensure GRC tooling is updated with pertinent information and configured appropriately to allow for scalable growthPerform cross functional supportive activities related to maintaining standard compliance operationsThe right candidate for this role will have:7+ years of experience in program or project management, ideally in security, compliance, or risk-heavy domainsCreate and maintain procedures and documentation for CCF management, including updates, quarterly control reviews, evidence handling, and stakeholder coordinationStrong working knowledge of security frameworks (FedRAMP, NIST ******, SOC 2, ISO *****, etc.)Own and optimize our GRC / audit tool, ensuring effective control mapping, evidence management, and automation to support scalable, audit-ready compliance operationsExperience designing or operationalizing a centralized/common control framework across multiple compliance obligationsProven ability to run cross-functional programs in a matrixed organizationFamiliarity with technical control domains: access management, change management, monitoring/logging, vulnerability management, configuration baselinesStrong written and verbal communication skills; comfortable presenting to technical and executive stakeholdersExperience supporting or managing internal or external auditsSuccess MeasuresThe GRC Program Manager will be successful in this role when they can execute the following strategic tasks:People: Collaborate with leads to understand our customer's compliance requests and necessary gaps to addressOrganization: Ability to manage multiple parallel efforts and prioritize resources based upon understanding and interpreting business needCommunication: Successfully communicate your recommendations and rationale to both technical and non-technical managementResearch: Gather and analyze feedback from internal stakeholders and develop pragmatic recommendations with respect to compliance initiativesCustomer Service: Ensure MongoDB's GRC Program operates efficiently with minimal interruption to MongoDB teams.Provide great customer service when interfacing with other MongoDB TeamsTo drive the personal growth and business impact of our employees, we're committed to developing a supportive and enriching culture for everyone.From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees' wellbeing and want to support them along every step of their professional and personal journeys.Learn more about what it's like to work at MongoDB, and help us make an impact on the worldMongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process.To request an accommodation due to a disability, please inform your recruiter.MongoDB is an equal opportunities employer.#J-*****-Ljbffr