Governance, Risk & Compliance (GRC) Manager

Location: Vancouver, BC

Work Arrangement: Hybrid (3-4 days in-office)

Compensation: $90,000 - $130,000

Employment Type: Full-time

About Monachus

Monachus helps early-stage startups build scalable systems for compliance, security, and operations, without the chaos. We're a small, high-trust team based in Vancouver, BC, and our clients are spread across North America. We work closely with founders and technical teams who are moving fast and need security and compliance done right, not just done.

"Monachus" is Latin for monk, meaning diligent, dedicated, wise. If you care about doing high-quality work, being hands-on in the world of compliance, learning constantly, and having real ownership over outcomes, this is the kind of place where that actually happens.

The Role

We're hiring a GRC Manager who brings structure, precision, and strategic thinking to every client engagement. You'll be the person startups turn to when they need to navigate SOC 2, ISO 27001, and vendor assessments with confidence, and the person internally who helps us run tighter, smarter processes.

This is a full-time, hybrid role based in Vancouver. At six months, success looks like: clients trust you, and timelines are moving in an environment where the pace is real and clients' expectations are high. If you do your best work with structure and autonomy in equal measure, this is the right environment for you.

What You'll Do

  • Lead audits from start to finish. Manage SOC 2, ISO 27001, and related projects.

  • Act as a trusted partner. Communicate clearly and proactively with clients.

  • Own the details. Track timelines, gather evidence, validate remediations, and keep things moving.

  • Make informed decisions. Assess risk and advise on compliance posture.

  • Respond to vendor requests. Complete RFPs and questionnaires with accuracy and speed.

  • Write meaningful policies. Draft SOPs and frameworks that reflect real operations.

  • Train and guide. Deliver tailored compliance education for teams.

  • Streamline where possible. Spot opportunities to improve processes and make things more efficient without overcomplicating.

  • Collaborate across teams. Work with auditors, founders, and technical stakeholders.

  • Stay informed. Track regulatory changes and help clients stay ahead.

What We're Looking For

Experience & Background

  • Have 5+ years leading compliance audits (SOC 2, ISO 27001, etc.)

  • Have worked with US-based clients and understand industry-standard cybersecurity frameworks

  • Have experience responding to vendor assessments and security questionnaires

  • Communicate clearly with both technical and non-technical audiences

  • Think strategically and can explain the "why" behind your recommendations

  • Understand startup environments and can adapt your approach accordingly

  • Have a bachelor's degree in business, tech, or a related field (Master's preferred)

  • Enjoy improving processes and finding leaner ways to get things done

Tools & Systems

  • Are comfortable using structured systems like task trackers to manage work

  • Know your way around cloud infrastructure, SDLC, and compliance tooling

Culture Fit Matters at Monachus

You’ll Thrive Here If You

  • Constantly look for ways to improve systems, workflows, and delivery quality

  • Collaborate well and prioritize alignment over ego

  • Can take direction, follow operating systems, and improve them instead of fighting them

  • Move fast without sacrificing quality

  • Take ownership and operate with high accountability

  • Enjoy building scalable processes and improving how work gets done

  • Are curious about new tools and technologies and actively experiment with AI to improve how work gets done

Why Monachus

  • Direct impact with startup founders and leadership teams

  • Small, high-trust team with autonomy

  • Strong focus on quality, structure, and continuous improvement

  • Work that values originality, depth, and thoughtful execution over templates or audit checklists

How to Apply

Send your resume, a short note about your interest in the role, and any relevant links (GitHub, portfolio, LinkedIn) to:

📧 work@monachus.co

Subject: Application - GRC Manager

Applications are reviewed on a rolling basis. We review every application. If you're a fit, someone from our team will reach out within 5 business days to introduce themselves and share next steps.
