Program Manager, Risk & Compliance

Overview

Instacart’s Risk and Compliance team owns our Enterprise Risk Management program and partners across Legal, Finance, Product, Engineering, Operations, Marketing, and Strategy to enable informed decision making as the business scales. We embed risk thinking into planning and execution, align clear ownership, and provide leadership with visibility into top risks, mitigation progress, and tradeoffs.

We’re hiring a Program Manager, Risk and Compliance to drive the operating rhythm of our enterprise risk program, strengthen cross-functional execution, and elevate executive and Board-level communication. In this highly visible role, you will orchestrate complex, company-wide initiatives, translate ambiguity into clear plans, and deliver practical solutions that help teams move faster and safer.

This role is ideal for a builder who thrives in a fast-paced environment, enjoys rolling up their sleeves to create scalable processes, and communicates with clarity and empathy. You’ll work closely with senior leaders and partner teams to surface the right risks at the right time, design pragmatic mitigations, and measure what matters.

About the Job

• Own the end-to-end cadence for Enterprise Risk Management, including risk identification, assessment, prioritization, mitigation planning, and ongoing tracking in a central risk register.
• Drive cross-functional execution across Legal, Finance, Product, Engineering, Operations, Marketing, and Strategy; clarify owners and timelines, unblock decisions, and ensure follow-through to closure.
• Build executive-ready materials (dashboards, briefs, and Board updates) that translate complex risk issues into clear insights, tradeoffs, and recommended actions.
• Design and continuously improve lightweight, scalable processes and tooling (e.g., GRC workflows, issue management, control monitoring) that integrate risk into day-to-day planning and operations.
• Partner with product and engineering to operationalize risk reviews for launches and changes, align on risk appetite and acceptance, and connect mitigations to measurable KPIs/OKRs.

About You

Minimum Qualifications

• 5+ years of experience in enterprise risk management, compliance, internal audit, or program management within technology, fintech, marketplace, or e-commerce environments.
• Bachelor’s degree in business, information systems, engineering, or a related field; or equivalent practical experience.
• Hands-on experience operationalizing ERM frameworks (e.g., COSO ERM, ISO 31000), including building risk registers, facilitation of assessments, and mitigation planning.
• Proven track record leading cross-functional programs with senior stakeholders and presenting concise, executive-ready updates to leadership.
• Experience coordinating at least one external audit or certification effort (e.g., SOX, SOC 2, ISO 27001, PCI, or privacy assessments) from planning through remediation tracking.
• Proficiency building metrics and dashboards in Google Sheets/Excel and BI tools (e.g., Tableau, Looker) to track risk indicators, KPIs, and OKRs.
• Experience working with GRC tools or workflows (e.g., LogicGate, Archer, OneTrust, Vanta) to manage issues, controls, and evidence.
• Excellent written and verbal communication skills with the ability to simplify complexity and influence decisions.

Preferred Qualifications

• 7+ years of relevant experience, including time in a high-growth or rapidly evolving company.
• Professional certifications such as CRISC, CISA, CIA, CISM, or similar risk/compliance credentials.
• Experience designing risk scoring models and taxonomies, as well as leading scenario analysis or stress testing.
• Background in product risk reviews, third-party risk management, and vendor due diligence.
• Ability to query and analyze data using SQL to inform risk insights and reporting.

#LI-Remote