GRC Manager

Job Description

Uplight is creating a new category of energy. We make software that manages energy resources in homes and businesses-including things like smart thermostats, electric vehicles, solar panels, storage batteries, heat pumps, and even people's behavior-to generate, shift, or save energy to balance the grid, making it more efficient and reliable. This creates clean energy capacity that can be used by the power grid instead of burning more fossil fuels. Our solutions accelerate the transition to clean energy and save money for energy customers.

We are looking for a GRC Manager to drive our company forward, and help us lead the clean energy revolution!

How you will make an impact

The GRC Manager translates strategic direction into actionable workflows, coordinates cross-functional teams, supports evidence lifecycle management, maps frameworks to controls to implementation, leads readiness activities, and ensures all GRC processes operate smoothly and efficiently. This role requires strong coordination, documentation, audit, and control-testing capabilities, paired with working technical fluency to understand control implications without performing system administration.

• Leadership: Leads the GRC program and a team of security professionals.
• Governance: Develop, document, and implement internal policies and procedures to ensure compliance with industry standards and legal requirements. Map requirements to controls and manage the company's execution of the controls.
• Risk Management: Conduct regular enterprise-wide risk assessments, maintain a risk register, and develop mitigation strategies for identified threats. Co-lead Risk Management committees.
• Compliance: Lead audits and manage compliance efforts for frameworks such as SOC 2, ISO 27001, PCI-DSS, NERC-CIP, and privacy principles. Manage CAPAs for non-compliance.
• Third-Party Risk: Manage vendor risk management processes, including vendor assessments and contract reviews.
• Sales-cycle Support: Manage security and privacy responses to client questions and questionnaires, including RFPs, RFIs, annual risk reviews, and ad-hoc communication requests.
• Business Continuity: Manage and update business continuity and disaster recovery documentation, including BIAs, plan revisions, team rosters, and dependencies. Plan, coordinate, and document annual exercises, such as tests, tabletops, and other exercises.
• Awareness & Training: Oversee rollout of cybersecurity and privacy awareness campaigns and required annual training and policy attestations. Monitor participation, ensure compliance, and support content preparation aligned with company and regulatory requirements.
• Metrics: Build and manage security and privacy metrics program
• Technology & Reporting: Select and manage GRC software tools to automate processes, monitor controls, and provide reports to executives.
• Collaboration: Collaborate with IT, Security, Legal, and People teams to drive risk-informed decision-making and build a culture of compliance.

We hire on value alignment first. The ideal candidate is someone who has a demonstrated passion for security and for leaving the world better than they found it. If you feel you'd be a good fit with us, consider applying.

What you bring to Uplight

• Experience: Previous experience in GRC, risk management, or internal audit, often with a mid-level leadership background.
• Framework Knowledge: Proficiency in frameworks like SOC2, NIST CSF, ISO 27001, and NERC-CIP.
• Analytical Skills: Strong ability to analyze risk data and translate complex regulations into actionable controls.
• Communication: Excellent communication skills to interact with stakeholders and lead team efforts.
• Experience with 3rd party/vendor risk management processes
• Experience in working with sales teams to complete Requests for Proposals and security questionnaires
• Understanding of GRC processes such as policy management, risk assessment, and IT audits
• Exposure to public cloud and cloud security concepts in environments like AWS, Azure or GCP
• Exceptional verbal and written communication skills

Bonus Points

• GRC or Privacy certifications (e.g. CISA, CIPP, etc)

Why Join Uplight in Leading the Fight Against Climate Change?

At Uplight, we're not just offering a job - we're offering a chance to be part of the solution to one of the world's biggest challenges. As a certified B Corporation, we're deeply committed to both social and environmental responsibility. Here's why you should join our team of passionate Uplighters:

• Make a Meaningful Impact: Your work directly impacts our mission of decarbonization and building a more sustainable future.
• Grow Your Career: We offer ample advancement opportunities, robust learning and development programs, and a supportive team environment that fosters collaboration and innovation.
• Thrive: We offer comprehensive benefits, including flexible time off, generous parental leave, a wellness stipend, and work flexibility to help you thrive both personally and professionally.
• Belong to an Inclusive Community: We celebrate diversity and foster an inclusive workplace where everyone feels respected, empowered, and heard. Our Employee Resource Groups offer opportunities to connect with colleagues who share your interests and backgrounds.
• Be Part of a Growing Movement: Join a team of dedicated individuals who are passionate about creating a more sustainable future. We offer a collaborative environment where your ideas are valued and your contributions recognized. Together, we can build a brighter tomorrow.

To learn more about our comprehensive benefits package and other perks, visit uplight.com/careers

Salary Range: $160,000 to $180,000

In accordance with the Colorado Equal Pay for Equal Work Act, the approximate annual base compensation range is listed above. The actual offer, reflecting the total compensation package and benefits, will be determined by a number of factors including the applicant's experience, knowledge, skills, and abilities, as well as internal equity among our team.

Uplight provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race (including hair texture and hairstyles), color, religion (including head coverings), age, sex, national origin, disability status (including neurodivergence), genetics, protected veteran status, sexual orientation, gender identity or expression, neurotypicality, or any other characteristic protected by federal, state or local laws.