Compliance Program Manager

Superhuman offers a dynamic hybrid working model for this role. This flexible approach gives team members the best of both worlds: plenty of focus time along with in-person collaboration that helps foster trust, innovation, and a strong team culture.

Grammarly is now part of Superhuman, the AI productivity platform on a mission to unlock the superhuman potential in everyone. The Superhuman suite of apps and agents brings AI wherever people work, integrating with over 1 million applications and websites. The company’s products include Grammarly’s writing assistance, Coda’s collaborative workspaces, Mail’s inbox management, and Go, the proactive AI assistant that understands context and delivers help automatically. Founded in 2009, Superhuman empowers over 40 million people, 50,000 organizations, and 3,000 educational institutions worldwide to eliminate busywork and focus on what matters. Learn more at superhuman.com and about our values here.

Superhuman is unifying its compliance posture across its product family into a single, cohesive program. As a Compliance Program Manager, you will own audit execution, control testing, and vendor risk management across the multi-product environment. This is a great role for a mid-level GRC professional ready to move beyond single-entity compliance into audit consolidation, cross-framework coordination, and strategic initiatives.

This is a high-impact opportunity to shape, not just maintain, Superhuman’s multi-product compliance program. You’ll help unify the organization’s compliance posture into a single, cohesive strategy while operating across a broad range of frameworks, including AI management. You’ll join a small, high-ownership team that actively uses LLMs and AI agents to automate and elevate GRC workflows. Your work will be highly visible to Legal and Engineering leadership, giving you direct influence over how we scale a modern, AI-forward compliance program across a rapidly growing product portfolio.

In this role, you will:

• Own audit evidence collection, validation, and documentation across audit cycles, managing scheduling, coordination, and stakeholder engagement.
• Support multi-entity audit programs across products at varying maturity levels, including consolidation and gap analysis.
• Design and execute control testing procedures across SOC 2, ISO 27001, ISO 27017/27018, ISO 27701, PCI DSS, and ISO 42001.
• Identify control gaps, document findings, and drive remediation with control owners.
• Lead vendor security assessments, including SOC report reviews, questionnaire responses, risk tiering, and review scheduling.
• Maintain the policy document library, drive review cycles, and draft/update policies with guidance from senior team members.
• Serve as a trusted point of contact for compliance questions, customer-facing inquiries, trust questionnaires, and evidence sharing.
• Coordinate cross-functionally with control owners, Legal, and Engineering leadership.

• 3+ years in GRC, compliance, or IT audit.
• Bachelor’s degree in Information Systems, Business, Computer Science, or related field (or equivalent experience).
• Hands-on experience with core compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS).
• Effective cross-functional communicator who can influence stakeholders.
• Working knowledge of AWS (compute, storage, IAM, security controls).
• Clear, structured technical writing and documentation skills.
• Ability to learn new tools quickly and translate technical concepts for non-technical audiences.
• SaaS or technology industry background is a plus.
• Familiarity with Git workflows and CI/CD practices, as well as exposure to AI governance or AI-focused standards (such as ISO 42001), is a plus.
• Professional certifications (such as CISA, CISSP, or ISO 27001 Lead Auditor) and experience with modern GRC platforms (e.g., Anecdotes, Vanta, Drata) are a plus, but not required.
• Has a demonstrated ability to work independently with minimal guidance, proactively manages tasks and priorities across multiple projects, analyzes and executes work efficiently, collaborates effectively with cross-functional teams, and thrives in fast-paced, results-driven environments.

• Professional growth: We believe that autonomy and trust are key to empowering our team members to do their best, most innovative work in a way that aligns with their interests, talents, and well-being. 
• A connected team: Superhuman builds a product that helps people connect, and we apply this mindset to our own team. Our remote-first, hybrid model enables a highly collaborative culture rooted in our values. We work to foster belonging among team members in a variety of ways. This includes our team member resource groups, Superhuman Circles, which promote connection among those with shared identities including BIPOC and LGBTQIA+ team members, women, and parents. We also celebrate our colleagues and accomplishments with global, local, and team-specific programs. 
• Comprehensive benefits for candidates based in Ukraine: Superhuman offers all team members competitive pay along with a benefits package encompassing life care (including mental health care and risk benefits) and ample and defined time off. We also offer support to set up a home office, wellness and pet care stipends, learning and development opportunities, and more.

At Superhuman, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. Superhuman is an equal opportunity company. We do not discriminate on the basis of race or ethnic origin, religion or belief, color, gender expression or identity, sexual orientation, sexual identity, national origin, citizenship, age, marital status, veteran status, disability status, criminal prosecution, judgment in a criminal case, or any other characteristic protected by law.

For more details about the personal data Superhuman collects during the recruitment process, for what purposes, and how you can address your rights, please see the Superhuman Data Privacy Notice for Candidates here. 

#LI-Remote