GRC Manager
Groupon is a marketplace where customers discover new experiences and services every day and local businesses thrive. To date we have worked with over a million merchant partners worldwide, connecting over 16 million customers with deals across various categories. In a world often dominated by e-commerce giants, we stand out as one of the few platforms uniquely committed to helping local businesses succeed on a performance basis.
Groupon is on a radical journey to transform our business with relentless pursuit of results. Even with thousands of employees spread across multiple continents, we still maintain a culture that inspires innovation, rewards risk-taking and celebrates success. The impact here can be immediate due to our scale and the speed of our transformation. We're a "best of both worlds" kind of company. We're big enough to have the resources and scale, but small enough that a single person has a surprising amount of autonomy and can make a meaningful impact.
The GRC Manager – Information Security Management leads the design, implementation, and ongoing improvement of controls and risk mitigation strategies to protect Groupon’s infrastructure, information systems, and digital payment environments. This role defines and operationalises governance frameworks, security policies, and compliance protocols to safeguard critical assets and ensure alignment with industry standards and regulatory requirements (e.g., ISO 27001, NIST, SOC 2, SOX, GDPR). The manager is responsible for identifying cybersecurity objectives, setting measurable goals and metrics, and ensuring appropriate protective technologies and processes are in place—spanning access controls, encryption, firewalls, and threat detection systems. They oversee incident response, vulnerability management, and forensic investigations, providing strategic and tactical guidance to senior leadership on potential risks and business impacts. Additionally, this role manages audits, maintains compliance documentation, and leads cross-functional collaboration across Legal, Engineering, and Risk functions. The GRC Manager recruits, develops, and manages team members to ensure the effective and efficient operation of the GRC programme.
GRC Manager – Key Qualifications
🎓 Education
- Bachelor’s degree in Information Security, Computer Science, Business Administration, Law, or a related field.
- Advanced degree (MBA, JD, or MS in Information Security) is a plus.
📜 Certifications
- One or more of the following strongly preferred:
  - CISSP – Certified Information Systems Security Professional
  - CISM – Certified Information Security Manager
  - CRISC – Certified in Risk and Information Systems Control
  - CISA – Certified Information Systems Auditor
  - CGRC (formerly CAP) – Certified in Governance, Risk and Compliance
  - ISO 27001 Lead Auditor/Implementer
🛠️ Skills & Experience
- 5–8+ years of experience in GRC, risk management, information security, compliance, or audit, preferably in a technology or e-commerce company.
- Experience implementing and maintaining GRC frameworks (NIST CSF, ISO 27001, SOC 2, SOX, GDPR, etc.).
- Strong familiarity with security controls, IT general controls, and risk assessment methodologies.
- Experience using GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust, LogicGate).
- Understanding of cloud environments (AWS, GCP) and associated security and compliance concerns.
- Ability to evaluate regulatory and contractual obligations, map controls, and assess risk exposure.
- Ability to lead internal/external audits and engage with cross-functional teams (Legal, Engineering, HR, Product).
- Excellent written and verbal communication skills for working with technical and non-technical audiences.
🤝 Leadership & Soft Skills
- Demonstrated ability to lead cross-functional initiatives and influence senior stakeholders.
- High attention to detail with strong analytical and problem-solving skills.
- Strategic thinking paired with hands-on execution.
- Ability to prioritise multiple initiatives in a fast-paced environment.
Groupon is an AI-First Company
We’re committed to building smarter, faster, and more innovative ways of working—and AI plays a key role in how we get there. We encourage candidates to leverage AI tools during the hiring process where it adds value, and we’re always keen to hear how technology improves the way you work. If you’re passionate about AI or curious to explore how it can elevate your role—you’ll be right at home here.
Groupon’s purpose is to build strong communities through thriving small businesses. To learn more about the world’s largest local e-commerce marketplace, click here. You can also find out more about us in the latest Groupon news as well as learning about our DEI approach. If all of this sounds like something that’s a great fit for you, then click apply and join us on a mission to become the ultimate destination for local experiences and services.
Beware of Recruitment Fraud: Groupon follows a merit-based recruitment process without charging job seekers any fees. We've noticed an increase in recruitment fraud, including fake job postings and fraudulent interviews and job offers aimed at stealing personal information or money. Be cautious of individuals falsely representing Groupon's Talent Acquisition team with fake job offers. If you encounter any suspicious job offers or interview calls demanding money, recognize these as scams. Groupon is not responsible for losses from such dealings. For legitimate job openings (and a sneak peek into life at Groupon), always check our official career website at Groupon Careers.