Security Technical Program Manager

Grammarly team members in this role must be based in the United States or Canada.

The opportunity 

Every day, tens of millions of people and 50,000 professional teams rely on Grammarly’s AI-enabled communication assistance to help them communicate confidently and achieve their goals. Our team members have the autonomy to take on exciting challenges in pursuit of our mission to improve lives by improving communication. Together, we’re building on more than a decade of steady growth and profitability. We’re defining the communication assistance category for individuals, enterprises, and developers with tailored service offerings: Grammarly Premium, Grammarly Business, Grammarly for Education, and Grammarly for Developers. All of this begins with our team collaborating in an inclusive, values-driven, and learning-oriented environment.

User trust is at the heart of everything we do. To achieve our ambitious goals, we’re looking for a senior level Security Technical Program Manager (TPM) to join our Governance, Risk, and Compliance (GRC) team at Grammarly. This person will work within the Security organization and report to the Head of GRC. They will partner cross-functionally to lead and execute initiatives aimed at improving our security and compliance posture through a risk-based approach. They will spearhead efforts to build out Grammarly's cybersecurity risk management program, and partner closely with team members that manage governance of policies and procedures and internal/external audits. Their primary focus will be leading efforts for proactive risk identification/mitigation and increasing the maturity of our programs. 

The GRC team solves complex compliance challenges, improves processes, and drives greater efficiencies across the security assurance organization. This role will enable growth and help us scale our internal compliance processes to meet the regulatory expectations of customers worldwide by driving innovative campaigns cross-functionally across the organization.

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.

Your impact

As Security Technical Program Manager, you will:

• Build an enterprise-wide risk management framework which enables executive leadership to proactively identify risks and treatment plans to ensure company objectives are met.
• Drive cybersecurity and enterprise risk management assessments and maintain the centralized risk register with threats, vulnerabilities, controls/mitigating factors, scores, and treatment plans for executive leadership visibility and planning.
• Drive cross-functional initiatives to improve our security and compliance posture to meet increasing compliance obligations and customer commitments.
• Assess planned product features to ensure compliance with privacy principles.
• Provide technical controls implementation guidance to Engineering and Security teams related to security requirements/standards. 
• Lead efforts to increase the maturity level of our controls environment and optimize audit processes to be at scale.

We’re looking for someone who

• Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
• Is able to collaborate in person 3 weeks per quarter, traveling if necessary to the hub where the team is based.
• Is a senior level TPM with hands-on experience in leading large-scale, cross-functional initiatives aimed at improving overall security posture and aligning with company objectives.
• Has implemented risk management frameworks such as NIST RMF and performed cybersecurity assessments such as NIST CSF, using quantitative or semi-quantitative scoring models.
• Has a proven record of identifying gaps/weaknesses in an organization's security posture, assessing risk level, proposing practical treatment plans and control designs, and working closely with engineers to implement the plans while providing technical compliance guidance.
• Has a strong understanding of the following security standards: SOC Type 2, ISO 27001/27017/27018, PCI DSS, HIPAA, GPDR, CSA CCM, and NIST 800-53 (FedRAMP Moderate is a plus).
• Builds strong relationships with peers across the company to evangelize a security and risk-based culture.
• Can effectively influence at all levels of the organization

Support for you, professionally and personally

• Professional growth: We believe that autonomy and trust are key to empowering our team members to do their best, most innovative work in a way that aligns with their interests, talents, and well-being. We also support professional development and advancement with training, coaching, and regular feedback.
• A connected team: Grammarly builds a product that helps people connect, and we apply this mindset to our own team. Our remote-first hybrid model enables a highly collaborative culture supported by our EAGER (ethical, adaptable, gritty, empathetic, and remarkable) values. We work to foster belonging among team members in a variety of ways. This includes our employee resource groups, Grammarly Circles, which promote connection among those with shared identities including BIPOC and LGBTQIA+ team members, women, and parents. We also celebrate our colleagues and accomplishments with global, local, and team-specific programs. 
• Comprehensive benefits: Grammarly offers all team members competitive pay along with a benefits package encompassing excellent health care (including mental health and fertility benefits) and ample and defined time off. We also offer support to set up a home office, caregiver and pet care stipends, wellness stipends, 401(k) matching (US only), admission discounts, learning and development opportunities, and more.
• For North America–based employment: Grammarly takes a market-based approach to compensation, meaning pay may vary depending on your location. Our US and Canada locations are categorized into compensation zones based on each geographic region’s cost of labor index. Base pay may vary considerably depending on job-related knowledge, skills, and experience. Our compensation packages include equity; a wide range of medical, dental, vision, disability, and life insurance options; retirement benefits; and parental leave. We offer twenty days of paid time off per year (global), eleven days of paid holidays per year (US and Canada), and unlimited sick days (global). 

The expected salary ranges for this position are outlined below by compensation zone and may be modified in the future. 

United States:

Canada: 

We encourage you to apply

At Grammarly, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, ancestry, national origin, citizenship, age, marital status, veteran status, disability status, political belief, or any other characteristic protected by law. Grammarly is an equal opportunity employer, a participant in the US Federal E-Verify program (US), and abides by the Employment Equity Act (Canada).

Grammarly currently supports the long-term work of team members in the following US states: Arizona, California, Colorado, Florida, Georgia, Illinois, Maine, Massachusetts, Minnesota, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania (Kennett Township, New London Township, Pittsburgh City, Shaler Township), South Carolina, Texas, Utah, Virginia, and Washington, as well as the District of Columbia 

Grammarly currently supports the long-term work of team members in the following Canadian provinces: British Columbia, Ontario 

Please note that EEOC is optional and specific to US-based candidates.

#NA