GRC Manager

About Blacksmith

• We started by building infrastructure to run CI workloads really fast. Our first product helps companies run GitHub Actions substantially faster and cheaper by owning and operating our own global fleet of bare-metal machines rather than renting generic cloud VMs.

• Today, we orchestrate tens of millions of Firecracker VMs each month, running CI for 2,000+ companies and hit ~$10M in ARR in less than 2 years.

• We operate thousands of bare-metal machines across multiple regions, regularly schedule 50k+ vCPUs concurrently, and run a petabyte-scale Ceph cluster that we manage ourselves.

• We’ve raised $13.5M across Seed and Series A, led by Google Ventures (GV), and we’re intentionally building a small, but exceptional team.

• Blacksmith was founded by a team with deep systems and scaling experience, including building search/ads infrastructure at Faire, and operating large distributed systems at Cockroach Labs. Our GTM is led by Jon Boyer, formerly Head of Sales at Zapier.

• We’re now extending the same CI infrastructure into a broader platform: running agent sandboxes at scale and building our own background coding agent on top of it.

What You'll Do

• Own compliance at Blacksmith. You will design and implement the Blacksmith policies and controls from scratch.

• Run GRC and compliance operations. You’ll manage SOC 2 compliance & ensure audit readiness. You’ll also ensure GDPR compliance.

• Assess, qualify and implement a GRC technology stack that ensures we maintain best practice.

• Own customer and vendor risk. You’ll be responsible for all customer and prospect compliance questionnaires, reviews and due diligence.

• Ensure that the business stays ahead of evolving regulatory changes & changes in risk assessment as we move further into the enterprise market.

• Educate the leadership team and wider business on GRC best practice and the Blacksmith standards for compliance.

• Potentially lead the preparation for further industry certifications (ISO27001 etc.) in the future.
  

You’re a good fit if you have

• Significant experience in GRC & compliance within a high growth, technology startup environment.

• You must be able to demonstrate how you have owned building 0-1 compliance processes and best practices. Ideally you’ll have a blend of experience building 0-1 as well as picking up compliance in flight.

• Deep experience with SOC 2 Type II audits and compliance programs. You've built or significantly improved a compliance program, not just maintained one.

• Strong knowledge of the GRC & compliance technology landscape, with a good understanding of what a best in class GRC technology stack should look like.

• Comfortable being hands on. This is an execution role, from answering questionnaires to writing policies you should be the person who wants to deliver.

• Exceptional communicator.

Compensation and benefits

• Medical, Vision, and Dental insurance.

• Competitive base + equity.

• 401K match.

• Unlimited PTO.

• Annual offsite.

• Early-exercise stock options