Grammarly is excited to offer a remote-first hybrid working model. Team members can work primarily remotely in the United States, Canada, Ukraine, Germany, Poland, or Portugal. Conditions permitting, teams will meet in person a few weeks every quarter at one of Grammarly's hubs in San Francisco, Kyiv, New York, Vancouver, and Berlin, or in a workspace in Kraków.

We believe this balanced, flexible approach gives our team members the best of both worlds: plenty of focus time along with in-person collaboration that fosters trust, unlocks creativity, and further fuels innovation.

Grammarly team members in this role must be based in the United States or Canada.

The opportunity 

Every day, tens of millions of people and 50,000 professional teams rely on Grammarly’s AI-enabled communication assistance to help them communicate confidently and achieve their goals. Our team members have the autonomy to take on exciting challenges in pursuit of our mission to improve lives by improving communication. Together, we’re building on more than a decade of steady growth and profitability. We’re defining the communication assistance category for individuals, enterprises, and developers with tailored service offerings: Grammarly Premium, Grammarly Business, Grammarly for Education, and Grammarly for Developers. All of this begins with our team collaborating in an inclusive, values-driven, and learning-oriented environment.

User trust is at the heart of everything we do. To achieve our ambitious goals, we’re looking for a senior-level Security Technical Program Manager (TPM) to join our Governance, Risk, and Compliance (GRC) team at Grammarly. This person will work within the Security organization and report to the Head of GRC. They will partner cross-functionally to lead and execute initiatives aimed at improving our security and compliance posture through a risk-based approach. They will spearhead efforts to build out Grammarly's cybersecurity risk management program and partner closely with team members who manage governance of policies and procedures and internal/external audits. Their primary focus will be leading efforts for proactive risk identification/mitigation and increasing the maturity of our programs.

The GRC team solves complex compliance challenges, improves processes, and drives greater efficiencies across the security assurance organization. This role will enable growth and help us scale our internal compliance processes to meet the regulatory expectations of customers worldwide by driving innovative campaigns cross-functionally across the organization.

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.

Your impact

As Security Technical Program Manager, you will:

  • Build an enterprise-wide risk management framework which enables executive leadership to proactively identify risks and treatment plans to ensure company objectives are met.
  • Drive cybersecurity and enterprise risk management assessments and maintain the centralized risk register with threats, vulnerabilities, controls/mitigating factors, scores, and treatment plans for executive leadership visibility and planning.
  • Drive cross-functional initiatives to improve our security and compliance posture to meet increasing compliance obligations and customer commitments.
  • Assess planned product features to ensure compliance with privacy principles.
  • Provide technical controls implementation guidance to Engineering and Security teams related to security requirements/standards. 
  • Lead efforts to increase the maturity level of our controls environment and optimize audit processes to be at scale.

We’re looking for someone who

  • Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
  • Is able to collaborate in person 3 weeks per quarter, traveling if necessary to the hub where the team is based.
  • Is a senior-level TPM with hands-on experience in leading large-scale, cross-functional initiatives aimed at improving overall security posture and aligning with company objectives.
  • Has implemented risk management frameworks such as NIST RMF and performed cybersecurity assessments such as NIST CSF, using quantitative or semi-quantitative scoring models.
  • Has a proven record of identifying gaps/weaknesses in an organization's security posture, assessing risk level, proposing practical treatment plans and control designs, and working closely with engineers to implement the plans while providing technical compliance guidance.
  • Has a strong understanding of the following security standards: SOC Type 2, ISO 27001/27017/27018, PCI DSS, HIPAA, GDPR, CSA CCM, and NIST 800-53 (FedRAMP Moderate is a plus).
  • Builds strong relationships with peers across the company to evangelize a security and risk-based culture.
  • Can effectively influence at all levels of the organization.

Support for you, professionally and personally

  • Professional growth: We believe that autonomy and trust are key to empowering our team members to do their best, most innovative work in a way that aligns with their interests, talents, and well-being. We also support professional development and advancement with training, coaching, and regular feedback.
  • A connected team: Grammarly builds a product that helps people connect, and we apply this mindset to our own team. Our remote-first hybrid model enables a highly collaborative culture supported by our EAGER (ethical, adaptable, gritty, empathetic, and remarkable) values. We work to foster belonging among team members in a variety of ways. This includes our employee resource groups, Grammarly Circles, which promote connection among those with shared identities including BIPOC and LGBTQIA+ team members, women, and parents. We also celebrate our colleagues and accomplishments with global, local, and team-specific programs. 
  • Comprehensive benefits: Grammarly offers all team members competitive pay along with a benefits package encompassing excellent health care (including mental health and fertility benefits) and ample and defined time off. We also offer support to set up a home office, caregiver and pet care stipends, wellness stipends, 401(k) matching (US only), admission discounts, learning and development opportunities, and more.
  • For North America–based employment: Grammarly takes a market-based approach to compensation, meaning pay may vary depending on your location. Our US and Canada locations are categorized into compensation zones based on each geographic region’s cost of labor index. Base pay may vary considerably depending on job-related knowledge, skills, and experience. Our compensation packages include equity; a wide range of medical, dental, vision, disability, and life insurance options; retirement benefits; and parental leave. We offer twenty days of paid time off per year (global), eleven days of paid holidays per year (US and Canada), and unlimited sick days (global). 

The expected salary ranges for this position are outlined below by compensation zone and may be modified in the future. 

United States:

Zone 1: $281,000 - $360,000/year (USD)
Zone 2: $253,000 - $324,000/year (USD)
Zone 3: $239,000 - $306,000/year (USD)
Zone 4: $225,000 - $288,000/year (USD)

Canada: 

Zone 1: 241,000 - 310,000/year (CAD)
Zone 2: 205,000 - 264,000/year (CAD)

We encourage you to apply

At Grammarly, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, ancestry, national origin, citizenship, age, marital status, veteran status, disability status, political belief, or any other characteristic protected by law. Grammarly is an equal opportunity employer, a participant in the US Federal E-Verify program (US), and abides by the Employment Equity Act (Canada).

Grammarly currently supports the long-term work of team members in the following US states: Arizona, California, Colorado, Florida, Georgia, Illinois, Maine, Massachusetts, Minnesota, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania (Kennett Township, New London Township, Pittsburgh City, Shaler Township), South Carolina, Texas, Utah, Virginia, and Washington, as well as the District of Columbia.

Grammarly currently supports the long-term work of team members in the following Canadian provinces: British Columbia, Ontario.

Please note that EEOC is optional and specific to US-based candidates.


Please note that Grammarly’s COVID-19 vaccination policy requires that all team members in North America be vaccinated against COVID-19 to meet in person for Grammarly business or to work from a North America hub location. It is expected that this will be a requirement for this role. Qualified candidates in North America who cannot be vaccinated for medical reasons or because of a sincerely held religious belief may request a reasonable accommodation to this policy. For Europe, this policy requires team members to be vaccinated or produce a daily negative COVID-19 test administered on-site to work from the hub or attend in-person meetings.




Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Grammarly’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.


If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, or multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.