Compliance Program Manager

Superhuman offers a dynamic hybrid working model for this role. This flexible approach gives team members the best of both worlds: plenty of focus time along with in-person collaboration that helps foster trust, innovation, and a strong team culture. About Superhuman Grammarly is now part of Superhuman, the AI productivity platform on a mission to unlock the superhuman potential in everyone. The Superhuman suite of apps and agents brings AI wherever people work, integrating with over 1 million applications and websites. The company’s products include Grammarly’s writing assistance, Coda’s collaborative workspaces, Mail’s inbox management, and Go, the proactive AI assistant that understands context and delivers help automatically. Founded in 2009, Superhuman empowers over 40 million people, 50,000 organizations, and 3,000 educational institutions worldwide to eliminate busywork and focus on what matters. Learn more at superhuman.com and about our values here . The Opportunity Superhuman is unifying its compliance posture across its product family into a single, cohesive program. As a Compliance Program Manager, you will own audit execution, control testing, and vendor risk management across the multi-product environment. This is a great role for a mid-level GRC professional ready to move beyond single-entity compliance into audit consolidation, cross-framework coordination, and strategic initiatives. This is a high-impact opportunity to shape, not just maintain, Superhuman’s multi-product compliance program. You’ll help unify the organization’s compliance posture into a single, cohesive strategy while operating across a broad range of frameworks, including AI management. You’ll join a small, high-ownership team that actively uses LLMs and AI agents to automate and elevate GRC workflows. Your work will be highly visible to Legal and Engineering leadership, giving you direct influence over how we scale a modern, AI-forward compliance program across a rapidly growing product portfolio. In this role, you will: Own audit evidence collection, validation, and documentation across audit cycles, managing scheduling, coordination, and stakeholder engagement. Support multi-entity audit programs across products at varying maturity levels, including consolidation and gap analysis. Design and execute control testing procedures across SOC 2, ISO 27001, ISO 27017/27018, ISO 27701, PCI DSS, and ISO 42001. Identify control gaps, document findings, and drive remediation with control owners. Lead vendor security assessments, including SOC report reviews, questionnaire responses, risk tiering, and review scheduling. Maintain the policy document library, drive review cycles, and draft/update policies with guidance from senior team members. Serve as a trusted point of contact for compliance questions, customer-facing inquiries, trust questionnaires, and evidence sharing. Coordinate cross-functionally with control owners, Legal, and Engineering leadership. Qualifications 3+ years in GRC, compliance, or IT audit. Bachelor’s degree in Information Systems, Business, Computer Science, or related field (or equivalent experience). Hands-on experience with core compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS). Effective cross-functional communicator who can influence stakeholders. Working knowledge of AWS (compute, storage, IAM, security controls). Clear, structured technical writing and documentation skills. Ability to learn new tools quickly and translate technical concepts for non-technical audiences. SaaS or technology industry background is a plus. Familiarity with Git workflows and CI/CD practices, as well as exposure to AI governance or AI-focused standards (such as ISO 42001), is a plus. Professional certifications (such as CISA, CISSP, or ISO 27001 Lead Auditor) and experience with modern GRC platforms (e.g., Anecdotes, Vanta, Drata) are a plus, but not required. Has a demonstrated ability to work independently wi ... (truncated, view full listing at source)