Mattermost is the leading collaborative workflow platform for defense, intelligence, security, and critical infrastructure. Trusted by the U.S. Department of War and Fortune 500s, our platform runs on-premises and in private clouds, delivering secure messaging, file sharing, workflow automation, audio/screenshare, and project management—all with full data and operational control. Mattermost powers high-stakes workflows across mission planning, real-time, real-world operations, DevSecOps, incident response, and cyber defense—enabling secure collaboration from tactical edge and DDIL environments to enterprise HQ. Teams operate across web, desktop, and mobile, with embedded interoperability for Microsoft Teams, Outlook, and Microsoft 365. To learn more, visit www.mattermost.com Mattermost is hiring a GRC Manager to own and modernize our governance, risk, and compliance program across both federal and commercial markets. This is a program-ownership role for someone who brings a modern, engineering-led approach to compliance — harnessing GRC engineering and AI to reduce manual effort and scale our programs. You will own Mattermost's compliance posture end to end, accountable for our federal readiness and commercial certifications, and you will modernize how we run them: automated, continuously monitored, and AI-native. You will do the hands-on compliance work while coordinating across internal stakeholders in engineering, infrastructure, and IT who implement controls, the external auditors who assess them, and the customers whose trust rests on the outcome. As the program scales, you will grow and lead the team behind it. What You'll Do Own and modernize Mattermost's compliance programs across federal and commercial markets Lead readiness, certification, and surveillance cycles across both programs Operate the risk management program end to end — from identification and assessment through treatment and acceptance Own the third-party and vendor risk management program, including security assessments and supply chain risk Apply GRC engineering and automation to replace manual evidence collection with continuous controls monitoring Build AI-native workflows to accelerate and improve the quality of recurring compliance work Maintain the control library, system security plans, POA
Read Less