Lead, Governance, Risk, Compliance & Privacy (GRC)
About Beacon Software Beacon is acquiring and operating a portfolio of vertical SaaS companies. Most private equity firms scale by adding people. We are building Beacon to scale by adding software. The thesis is simple: portfolio operations, value creation, and deal sourcing are bottlenecked by human attention, and an agentic operating system can lift that ceiling by an order of magnitude. We are looking for a GRC leader to build and scale the governance, risk, compliance, and privacy function for a growing portfolio of software companies. This is a founding, high-ownership role for someone who has built before and treats automation and modern AI tooling as the default way to operate.
About the Role
Our GRC function is at an early, formative stage. You would shape it from the foundations and scale it across the portfolio, working directly with our portfolio companies to take them through their own audits and certifications, and designing a program that grows with the business rather than one built for a single audit. The mandate spans security compliance, data privacy, risk, and AI governance. We expect it to be built AI-first: modern automation platforms and LLM-assisted workflows over manual process.
What You'll Do
The role spans two scopes: Beacon. The holdco's enterprise governance program: security policy, AI governance, data governance and privacy, enterprise and third-party risk, and posture reporting. Governance-led, including any frameworks Beacon itself elects to pursue. Portfolio companies. Taking our portfolio companies through their own audits and certifications (SOC 2, ISO 27001, accessibility conformance, and others as their customers require), delivered hands-on as a repeatable service that scales across the portfolio. Underpinning both: a common control architecture that maps a control once to satisfy many standards, AI-first automation, and clear program reporting. Who You Are You have built or substantially matured a GRC program before and taken an organization through SOC 2 Type 2. Typically several years (5+) in GRC, IT governance, or security compliance, though what you have built matters more to us than the count. A builder with a bias for action. When you see a manual process, your first instinct is how to automate it. A strong systems thinker. You design scalable GRC architectures, not one-off fixes for the next audit. Fluent with a compliance automation platform (Vanta, Drata, Secureframe, or similar) and current on AI tooling in practice, not just in theory. Comfortable across both security compliance and data privacy, or able to ramp quickly on regimes you have not personally run. An excellent cross-functional communicator who works through influence and can translate compliance requirements into terms both technical and non-technical teams can act on. A clear writer. Bonus Points Privacy or audit certifications (CIPP, CIPM, CISA, CISSP, or ISO 27001 Lead Auditor or Implementer). Experience with regimes beyond SOC 2 (ISO 27001, PCI DSS, HIPAA, FedRAMP, StateRAMP) and accessibility conformance (WCAG, VPAT). Enough technical fluency to scope what the program needs and partner closely with engineering, even without building the tooling yourself. Multi-entity, private-equity, or holding-company experience. M&A security and privacy diligence experience. Our Values at Beacon Software Humility: We acknowledge that the path to getting to the right answer involves being wrong along the way. We have strong beliefs which are weakly held. We actively seek new ideas and believe we can learn from anyone at any time. Honesty: We are truth seeking in our approach to business problems. Business is a repeat game and we believe that human relationships generate alpha. We understand that trust is earned over a lifetime and can be lost in an instant. Hunger: We play to win. We hold ourselves to high standards and will not be outworked. We take pride in having a deep sense of responsibility to ourselves, each other, our partners, and our customers. We believe to whom much is given much is expected. Horizon: We seek to build a generational software company. This will take decades. We manage our expectations and those of our partners to take advantage of the 8th wonder of the world - compounding growth. How We Use AI in Our Hiring Process: To ensure transparency, we want candidates to know that Beacon Software uses Artificial Intelligence and AI-enabled tools to assist with screening, reviewing, organizing and highlighting profiles and applications that match the key requirements for each role. AI does not make hiring decisions: Every application is reviewed by a member of our team, and all decisions throughout the process are made by humans. We use AI to support efficiency and consistency, not to replace human judgment. We are committed to a fair, thoughtful, and equitable experience for every candidate. Apply To This Job