Technical GRC Specialist - Capacity

Who we are

Our mission at Capacity is to help teams do their best work through our AI-powered support automation platform. Capacity provides everything you need to automate support and business processes in one powerful omni-channel platform.

We believe that each individual voice, perspective and background brings inherent value to enhance our product, serve our customers and generate more ideas to solve complex problems. By continuing to hire talented, driven and humble teammates, we have the opportunity to see Capacity become a premier brand enterprise SaaS platform.

Capacity has raised over $100 million dollars from over 150 investors, giving us the opportunity to make ambitious investments in our team and big bets on our future. Our total addressable market is enormous. Any company that wants to grow revenue, reduce costs, and improve customer and employee satisfaction is an opportunity for Capacity to shine.

Why this job is exciting

The role:

We are looking for an experienced software-as-a-service (SaaS) security practitioner to join our growing Governance, Risk & Compliance (GRC) team. This role will primarily take ownership of our security hardening standards and our Third-Party Risk Management (TPRM), focusing on proactive improvements in cybersecurity, ensuring audit readiness, and scaling GRC processes through automation.

This is a high-impact role suited to someone who wants to influence cybersecurity at scale, enjoys working cross-functionally, and is able to balance strong risk management with commercial pragmatism.

You will work closely with operational stakeholders across the organization, helping strengthen our overall security posture, including vendor assurance, while enabling the business to move safely and quickly.

Responsibilities:

In this role, you will be responsible for the following:

Security Hardening & Technical GRC

• Provide hands-on support in the assessment, improvement, and maintenance of technical security baselines based on industry best practices (e.g., NIST, CIS, ISO). You will ensure these configurations satisfy global regulatory mandates (e.g., HIPAA, GDPR).
• Leverage automated tools to monitor security and compliance posture.
• Act as a GRC interface with Infrastructure and Engineering teams to ensure hardening requirements are technically feasible and effectively implemented.

Third-Party Risk Management

• Manage and continuously improve the company’s Third-Party Risk Management programme across suppliers, vendors and strategic partners.
• Own end-to-end due diligence processes for new and existing vendors, including inherent risk assessments, security/privacy reviews and ongoing monitoring.
• Review vendor assurance documentation such as ISO 27001 certificates, SOC 2 reports, penetration test summaries, policies and compliance evidence.
• Identify, document and communicate vendo