InfoSec & GRC Program Manager

InRule Technology®, Inc. is a PE-backed SaaS company with hundreds of customers in more than 40 countries. Our integrated Decision Intelligence Platform (DIP) combines decisioning, process automation, and machine learning to help IT and business leaders make better decisions faster, operationalize AI, and improve complex processes.
We are trusted by some of the world’s largest banks, insurance companies, healthcare organizations, and governments for mission-critical applications. By making automation accessible, InRule increases productivity, drives revenue, and delivers exceptional business outcomes.
Reporting to the Director of Technical Operations, the InfoSec & GRC Program Manager will drive planning and execution of our global Governance, Risk, Compliance (GRC) initiatives and audits. At InRule, this is a vital role that collaborates closely with other departments to ensure compliance with regulations and industry standards while efficiently supporting security due diligence processes with current and prospective customers.
Key Responsibilities

• Coordinate, conduct, and function as primary contact for all internal and external audits.
• Delegate control ownership to relevant participants across departments, monitor compliance status, and follow up to ensure timely completion of recurring compliance requirements related to SOC2, ISO27001, ISO 42001, GDPR, HIPAA, and other relevant frameworks.
• Lead or participate in gap assessment for ISO 42001 (AI Management System) to evaluate readiness and alignment with the new standard.
• Support the company’s alignment with the EU AI Act, ensuring AI governance controls are documented, risk-assessed, and integrated with existing information security management systems.
• Work with the Data Protection Officer (DPO) to execute data deletion requests, maintain our privacy policy and track data sub-processors.
• Conduct risk assessments and software vulnerability assessments to identify potential cybersecurity threats; document and follow-up on security-related findings.
• In preparation for external audits, support monitoring, evidence collection, gap assessments, and reviews as needed.
• Conduct periodic reviews and audits of internal policies, controls and processes; publish findings outlining successes and opportunities for improvement. 
• Partner with business stakeholders (including Sales, Product, IT and Engineering management) to identify risks, propose mitigation strategies and inform on emerging security threats and trends.
• Develop and maintain standard GRC documentation, such as policy and procedure documents or project plans.
• Manage and document scalable processes and automation to support our growth and compliance initiatives.
• Develop and assess operating effectiveness of controls.
• Assist in completion of customer assurance activities, such as security questionnaires.
• Perform vendor security and AI governance evaluations of existing and new vendors.

Required Skills and Experience

• At least 5+ years of experience managing or maturing ISO27001 and/or SOC2 compliance at a software company, preferably within a high-growth Cloud/SaaS environment
• Experience working with external auditors to efficiently drive an audit cycle to successful completion
• Ability to identify gaps, create mitigation plans, and work with control owners to implement changes
• Experience interacting with current and prospective customers to help navigate the security review process
• Strong communication skills with the ability to build relationships across departments and cultures as part of a global distributed team
• Experience using compliance and security tools; experience with Vanta highly desired
• Excellent interpersonal, communication, and presentation skills, including findings and report writing experience
• Experience completing customer security questionnaires 
• Ability to execute with urgency and attention to detail
• Experience working with cloud technologies, preferably Azure

Desired Skills and Experience

• Demonstrated experience conducting a gap assessment or readiness evaluation for ISO 42001, or other relevant frameworks.
• Familiarity with the EU AI Act and the ability to translate its regulatory requirements into actionable internal controls and processes.
• Relevant information security or AI governance certifications (e.g., CISM, ISO 27001 Lead Implementer, ISO 42001 Practitioner) a strong plus

Location

• Chicago, IL or Remote (preference for Central/Eastern Time Zone)
  Residence in the US is required

Compensation & Benefits

• Competitive Salary: $150K-$170K Base per year. Commensurate with experience and industry standards.
• Benefits: Includes comprehensive health insurance, 401(k) retirement, paid time off, and opportunities for professional development

Join us at InRule Technology and play a key role in shaping the user experience of our industry-leading decision management software. Together, we will create delightful solutions that empower our customers to make better, more informed decisions.