Governance, Risk, and Compliance (GRC) Lead

About Zowie:At Zowie, we’re revolutionizing how businesses interact with their customers. We’re creating a future where AI Agents handle 100% of customer service interactions—delivering instant, personalized, and exceptional experiences.
We believe AI Agents represent the next major technological shift, and Zowie is positioned to lead the charge. Leading consumer brands like GetYourGuide, DocMorris, Monos, Monica Vinader, Decathlon, Media Markt already trust our AI Agents to be on the front line of their customer care efforts, handling millions of conversations monthly.
This is a foundational role at Zowie - as Governance, Risk, and Compliance (GRC) Lead, you will be responsible for building, implementing, and managing Zowie’s GRC program. You will ensure we meet our regulatory obligations, manage risks effectively, and maintain the trust of our customers by demonstrating a strong commitment to security and compliance. You will be the central point of contact for all GRC-related activities, working cross-functionally to embed best practices throughout the organization.
As a GRC Lead at Zowie, you'll have:- The opportunity to build and own the GRC function in a rapidly growing AI company in the enterprise B2B space.- Direct impact on the company's ability to scale, secure enterprise clients, and build trust.- Collaborative and innovative work environment in a company positioned on the cutting edge of innovation in enterprise AI applications.
Sounds interesting? Let's have a conversation!

What you'll do:

• Governance, Risk and Compliance Program Development & Implementation: Take ownership of Zowie’s existing GRC program, including its strategy, framework, policies, standards, and procedures, and drive its continuous improvement and adaptation to our B2B SaaS environment.
• Compliance Management: Lead and manage compliance efforts for key industry frameworks and regulations, including but not limited to: SOC 2 Type 2, GDPR, HIPAA, DORA (Digital Operational Resilience Act).
• Audit Oversight: Plan, coordinate, and oversee internal and external audits (e.g., SOC 2). Act as the primary point of contact for external auditors. Manage the collection of audit evidence and coordinate remediation efforts for any identified findings.
• Coordination of security questionnaires and due diligence requests: Develop and manage a streamlined process for responding to customer and prospect security questionnaires and due diligence requests. Maintain a knowledge base of security and compliance information to support the sales process.
• Risk Management: Maintain Zowie’s risk register. Work with stakeholders to identify, assess, treat, and monitor risks across the organization. Report on risk posture to leadership.
• Incident Management and Business Continuity: Oversee and contribute to the development, implementation, and testing of Zowie’s incident management framework, ensuring alignment with compliance obligations (e.g., GDPR breach notification, DORA ICT incident reporting). Play a key role in the maintenance, testing, and continuous improvement of Zowie’s Business Continuity and Disaster Recovery (BCDR) plans.
• Policy & Documentation Management: develop, review, and update information security policies and procedures to ensure they are current, effective, and well-communicated.
• Stakeholder Reporting & Communication: manage and fulfill reporting responsibilities regarding GRC matters to customers, regulatory bodies, and internal stakeholders, ensuring transparency and compliance.
• Cross-Functional Collaboration: work closely with Engineering, Product, Sales, Legal, HR, and other teams to integrate GRC principles into their processes. Provide GRC expertise and guidance to internal stakeholders.
• Vendor Risk Management: Take ownership of Zowie’s vendor risk management program.

Ideally, you'll bring with you:

• Builder Mentality: You are excited by the opportunity to build and shape a GRC program from the ground up. You are proactive, resourceful, and can operate effectively in an environment where processes are still being defined.
• Strong Sense of Ownership: You take full responsibility for your work, see tasks through to completion, and are committed to achieving successful outcomes for the GRC program and the company.
• AI native: You incorporate AI into your daily work, allowing you to achieve unparalleled productivity.
• Exceptional Prioritization Skills: You can navigate a complex landscape of requirements, understand business objectives, and prioritize GRC efforts to deliver maximum impact.
• Strong Communication & Collaboration: You can clearly articulate complex GRC concepts to diverse audiences (technical and non-technical) and build strong working relationships across all levels of the organization to foster a culture of compliance.
• Pragmatism & Business Acumen: You understand the realities of a growing SaaS business and can implement robust GRC controls in a practical way that supports, rather than hinders, business agility and innovation.
• Sufficient Technical Aptitude: You possess a good understanding of SaaS architecture, cloud environments (e.g., AWS, Azure, GCP), and general IT concepts to effectively assess risks and controls.
• Relevant Experience: You have a proven track record in similar GRC roles, ideally within B2B SaaS companies, and direct experience with the frameworks critical to Zowie.

We are:• Ambitious and innovative. We never settle. We always look for better ways of doing things. • Like a sports team. We take ownership of our work and believe in personal accountability. At the same time, we work together, support each other, and focus on winning as a team. • Unafraid of change. The market we're in is changing rapidly and we thrive in this ever-evolving environment. • Growing fast. You’ll have a lot of autonomy and impact as we grow.