OpenGov is the leader in AI-enabled software for cities, counties, state agencies, and special districts. With a mission to power more effective and accountable government, OpenGov serves 2,000 communities across the United States. OpenGov is built exclusively for the unique asset management, permitting and licensing, procurement and contract management, tax and revenue, budgeting and planning, and financial management needs of the public sector. The OpenGov platform empowers organizations to operate more efficiently, adapt to change, and strengthen public trust.
Learn more or request a demo at opengov.com

QUALIFICATIONS:

• Minimum 5 years of experience in cybersecurity, information security, or compliance, including at least 2 years in a GRC leadership or ownership role.
• Certifications such as ISO 27001 Lead Auditor, CISA, or CRISC are a plus.
• Hands-on experience managing GovRamp and SOC 2 audits, including preparation, execution, and response.
• Expert knowledge of NIST 800-53 (GovRAMP), CIS Controls, risk management methodologies, and data protection best practices.
• Proven success in risk identification, analysis, and reporting through a maintained risk register.
• Excellent communication skills with the ability to present clearly to both technical and non-technical stakeholders.
• Familiarity with GRC platforms such as Drata, Vanta, LogicGate, or similar.
• Self-starter who thrives in fast-paced environments with competing priorities.
  $160k - $200k
  On target ranges above include base plus a portion of variable compensation that is earned based on company and individual performance.
  The final compensation will be determined by a number of factors such as qualifications, expertise, and the candidate’s geographical location.

THE ROLE:

OpenGov is seeking a driven and strategic Manager of Governance, Risk, and Compliance (GRC) to lead and evolve our cybersecurity compliance program. This role is critical in managing risk, ensuring audit readiness, and maintaining alignment with regulatory standards including GovRamp Moderate and SOC 2 Type II. You’ll build and optimize scalable GRC processes, lead cross-functional initiatives, and drive a culture of security, accountability, and continuous improvement across the organization.

KEY RESPONSIBILITIES:

• Own and lead OpenGov’s GRC program strategy, roadmap, and daily operations.
• Manage all phases of internal and external audits (GovRamp, SOC 2), including control design, evidence collection, and remediation tracking.
• Maintain and enhance the enterprise risk register: perform risk assessments, evaluate mitigation efforts, and present risk posture updates to leadership.
• Develop, update, and enforce security and compliance policies, procedures, and standards.
• Conduct third-party/vendor security risk assessments and manage due diligence workflows.
• Collaborate closely with IT, Engineering, and Legal to ensure technical and procedural controls align with compliance obligations.
• Lead initiatives for compliance automation, continuous control monitoring, and process optimization.
• Support training and awareness programs to reinforce compliance culture and security best practices across departments.
• Monitor the regulatory landscape and emerging frameworks to ensure proactive compliance planning.