Governance, Risk, and Compliance Manager

Decagon is the leading conversational AI platform empowering every brand to deliver concierge customer experiences.

Our technology enables industry-defining enterprises like Avis Budget Group, Block’s Cash App and Square, Chime, Oura Health, and Hunter Douglas to deploy AI agents that power personalized, deeply satisfying interactions across voice, chat, email, SMS, and every other channel.

We’re building a future where customer experiences are being redefined from support tickets and hold music to faster resolutions, richer conversations, and deeper relationships. We’re proud to be backed by world-class investors who share that vision, including a16z, Accel, Bain Capital Ventures, Coatue, and Index Ventures, along with many others.

We’re an in-office company, driven by a shared commitment to excellence and velocity. Our values — Just Get It Done, Invent What Customers Want, Winner’s Mindset, and The Polymath Principle — shape how we work and grow as a team.

The Security Engineering team at Decagon protects the platform that powers the most advanced conversational AI agents for enterprise customers across voice, chat, email and SMS. We build the security foundations that enable Decagon's AI agents to handle sensitive customer data with complete trust while defending against sophisticated, AI-enabled threats at massive scale.

Our mission is to secure magical support experiences, ensuring that AI agents and human agents can collaborate safely to help users resolve their issues while maintaining the highest standards of security and privacy.

Join Decagon as a Compliance Manager and play a critical role in securing customer trust as we scale to serve Fortune 500 and international enterprises. Working closely with the head of security and compliance, you'll be responsible for the day-to-day execution of our compliance program and customer security engagements. This is a high-impact role where you'll directly contribute to closing enterprise deals by efficiently managing security communications with customers, supporting compliance audits, and improving our security documentation. Perfect for someone who thrives in a high impact organization with attention to detail, excellent writing skills, and who wants to build expertise in enterprise AI compliance.

• Drive compliance certifications including SOC 2 Type II, ISO 27001, PCI DSS, HIPAA, and CCPA

• Automate or execute compliance evidence collection, ensuring all controls are properly documented and audit-ready

• Maintain and improve security documentation including policies, procedures, and customer-facing security collateral

• Support customer security assessments by preparing materials for security reviews and helping address technical inquiries from Fortune 500 security teams

• Manage security and compliance topics in RFPs end-to-end, coordinating responses across engineering, product, and legal teams to deliver accurate, timely responses to enterprise customers.

• Coordinate with contractors and vendors to maintain response quality and meet timelines during peak sales periods

• Build and optimize repeatable processes to scale our GRC operations to hundreds of enterprise customers

• Partner with sales engineering to understand customer security requirements and proactively prepare responses for common concerns

• Partner with Sales and Customer Success to accelerate deal velocity by proactively addressing customer security concerns with published content

• Collaborate with Security, Engineering, and Product teams to translate compliance requirements into actionable technical controls and ensure new features meet regulatory standards

• Establish vendor risk management programs to assess and monitor third-party security risks across our supply chain

• 3-5 years of GRC experience in high-growth SaaS or technology companies, with direct responsibility for compliance programs

• Proven track record successfully contributing to SOC 2, ISO 27001, or similar enterprise compliance certifications

• Experience in data privacy regulations including CCPA, GDPR, and emerging AI governance frameworks

• Strong project management skills with ability to coordinate cross-functional teams under tight deadlines

• Excellent written and verbal communication skills to translate complex security concepts for diverse audiences

• Working knowledge of technical security controls and ability to collaborate effectively with engineering teams

• Experience with AI/ML compliance frameworks and understanding of unique risks in conversational AI systems

• Background in healthcare or financial services with knowledge of HIPAA or PCI requirements

• Track record of building GRC programs at companies scaling from startup to enterprise

• Experience with GRC platforms like Vanta, Drata, or SecureFrame to automate compliance workflows

• Understanding of cloud security particularly Google Cloud Platform compliance and security features