September 21, 2021

Governance, Risk, & Compliance Manager

Full-Time · San Francisco or Remote · Security
Interested in defining how AI shapes the future of work? Cresta is on a mission to make every knowledge worker 100x as effective, 10x faster and 10x better. Cresta is focused on using AI to help the workforce, not replace them. Cresta uses our patented Expertise AI to uncover expert insights from every conversation and put those insights into action with real-time coaching during customer conversations. 

We’re growing fast! Spun out of the Stanford AI lab and chaired by Google-X founder Sebastian Thrun, Cresta launched in 2020. Since then, we’ve grown revenue and our team by 300%! We’ve assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors and advisors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Porsche, Adobe, and Dropbox and we have been recognized as a startup to watch by Business Insider, Forbes, and Gartner to name a few. We have huge ambitions and are looking for stellar candidates who have an entrepreneurial mindset and are excited to use cutting-edge AI to solve real-world business problems.

Cresta is seeking a motivated individual with solid compliance experience to start the GRC function and support a growing global data protection and cybersecurity effort. With the right candidate, this role will eventually include people management responsibilities where you’d grow the team.


What you'll do:

  • Perform security risk assessments to identify gaps, come up with recommendations and drive the gaps to completion
  • Streamline SOC2, PCI, ISO, and HIPAA audit processes. Perform internal audits, keep the necessary documentation reviewed and updated as required for audits
  • Perform security compliance audits for new regions to comply with local regulations as the company expands internationally
  • Perform/Create annual onboarding trainings to educate personnel and reiterate security and compliance requirements
  • Develop metrics to track security program effectiveness and to report risk
  • Interface with both technical (engineering) and non-technical (sales/marketing) teams
  • Respond to customer RFIs, questions, and technical documentation requests
  • Assist with sales and marketing material representing product security and compliance


What we look for:

  • 4+ years of experience in compliance management with responsibilities for GRC
  • 4+ years of program management, with experience in affecting technology decisions
  • End-to-end experience going through SOC2 Type 2, ISO 27001 & 27701, PCI, and HIPAA
  • Experience in a hands-on technical role, with basic understanding of software implementation and integration
  • A track record of building relationships and credibility with business leads, external partners, and regulators through collaborative and independent programs
  • Experience managing competing efforts and requirements

