Sales Professional, remote anywhere in the USA.
Close mid-market and enterprise GRC deals end-to-end for CISOs, VPs of Risk, and Directors of Compliance. Full cycle, real frameworks, named solutions engineer behind you, no SDR hand-off games.
- Remote, USA (anywhere)
- Full-time
- $90k–$130k OTE (base + variable, depends on experience)
- Travel ~10% (customer onsites + 1-2 trade shows per year)
You will close real compliance buyers, not chase noise.
A typical day starts with two or three discovery calls, usually with a VP of Risk or a Director of Compliance who already runs an audit calendar and is sick of stitching ISO 27001, SOC 2, and HIPAA evidence together in spreadsheets. By lunchtime you are running a tailored demo with our solutions engineer, walking the buyer through how RiskWatch handles one of their actual frameworks, not a generic slide deck. The afternoon is proposal work, procurement back-and-forth, and pipeline review.
You will own 30 to 45 active deals at any time, ranging from $50k to $500k ACV, and you will personally take each one from first call through signed order form. We do not split SDR and AE roles: the person who does discovery is the person who closes, because compliance buyers hate being passed around.
You will become genuinely fluent in the frameworks our customers actually buy for: ISO 27001, SOC 2 Type II, HIPAA, PCI DSS, NIST 800-53 and 800-171, CMMC, GDPR, and NYDFS Part 500. Not surface-level talking points but real working knowledge, because our buyers can tell the difference inside 90 seconds. We give you the training, the call recordings, and time to ride along with onboardings before you sell anything.
You will join a small sales team reporting to the VP Sales, with a named solutions engineer paired to your demos, a named CSM who picks up every customer you close, and direct access to the product team when a prospect asks something you cannot answer. Pipeline reviews are weekly, forecast meetings are honest, and we do not run "rip-and-replace" plays against incumbents we cannot actually beat.
Seven outcomes you will own from week one.
Run full-cycle deals
Own each opportunity from inbound MQL or outbound first-touch through discovery, demo, POC, procurement, security review, and signed order form. No hand-off between SDR and AE.
Lead discovery calls that surface real pain
Ask the questions that uncover the actual audit calendar, the current toolchain, the spreadsheets people hate, and the cost of the status quo. We will train you on the framework specifics.
Co-run demos with your solutions engineer
Tailor every demo to the buyer's primary framework and one or two of their adjacent ones. Show the survey engine, the evidence vault, and the cross-mapping live, not in slides.
Manage 30 to 45 deals in pipeline
Keep CRM clean, forecast within 10%, and call your own deals honestly in weekly reviews. We would rather know a deal slipped early than be surprised at quarter close.
Hit and beat a quarterly quota
Target is $1.2M to $1.6M new ARR per year depending on territory. Variable pay accelerates above plan. No cap on commission.
Partner with customer success on landed deals
Stay in the room for the first 30 days of every customer you close. We track gross retention obsessively and your variable plan rewards customers who stick.
Bring the field back into the company
Feed objections, lost-deal reasons, and competitor signals back to product, marketing, and the founder weekly. We change positioning, content, and roadmap based on what you hear.
Must-haves for a serious conversation.
- 3+ years selling B2B SaaS into security, compliance, audit, or risk buyers. CISOs, VP Risk, VP Compliance, and Directors of GRC should be names you have already pitched.
- A track record closing $50k to $500k ACV deals, with the math to back it: deals per quarter, average ACV, and lifetime quota attainment.
- Comfort talking about ISO 27001, SOC 2, HIPAA, PCI DSS, and NIST without faking it. You do not need to be a former auditor, but you do need to have done the reading.
- Discovery calls that surface real pain, not feature checklists. We will ask you to walk us through a recent discovery you ran and what you uncovered.
- Honest forecasting and clean CRM hygiene. You can call your own deals within 10% of actual and you keep the system of record current.
- Comfortable in a small team. No team of analysts to delegate to, no enablement function to outsource your slide deck. You write your own follow-ups and you ride along with onboardings.
Nice to have, not required.
- Prior CISSP, CISA, CRISC, or ISO 27001 Lead Auditor certification. You will not need it to sell here, but it accelerates buyer trust on technical calls.
- Prior experience at another GRC vendor (Drata, Vanta, OneTrust, ServiceNow GRC, LogicGate, AuditBoard, Resolver). Bonus if you lost deals to RiskWatch and want to flip sides.
- Named-account selling experience into Fortune 1000, federal contractors, or regulated mid-market (healthcare, banking, energy, defense supply chain).
- A real network of CISOs and compliance leaders you could call cold on day one.
Compensation and support, plain English.
Compensation
$90k to $130k OTE depending on experience, split as base plus uncapped variable. Quarterly accelerators above plan. No cap on commission.
Equity
Every full-time employee gets equity. Meaningful upside if we keep doing what we have been doing for the last two decades.
Health, retirement, time off
Medical, dental, vision for you and dependents. 401(k) with employer match. Unlimited PTO with a two-week minimum so it is not theoretical.
Named solutions engineer
You do not run demos alone. A senior SE is paired to your deals and joins every technical call from discovery onward.
Named CSM relationship
Every customer you close gets a named CSM on day one. You stay in the room for 30 days, then your variable plan rewards retention.
30-60-90 onboarding plan
Two weeks of structured product, framework, and call-recording immersion. Shadow live demos in weeks 2 and 3. First quota target in month 4, not month 1.
23 years of compliance work, distilled into one platform.
RiskWatch has spent more than two decades inside the binders, spreadsheets, and clipboards of compliance teams, and we built a platform that thinks the way assessors actually work. Survey-based depth, multi-framework by default, white-glove implementation. We are profitable, customer-funded, and trusted by 500+ compliance teams across healthcare, banking, energy, manufacturing, government, and aerospace on six continents. The team that builds it is the team that runs it, and that includes the person closing deals.
Three things, one email.
Email careers@riskwatch.com with the subject line "Sales Professional, USA Remote". Attach your resume and a one-paragraph note on why RiskWatch specifically, not just any GRC sales role. We read every application and reply within five business days.
RiskWatch is an equal opportunity employer. We do not discriminate on the basis of race, color, religion, national origin, sex, gender identity, sexual orientation, age, marital status, veteran status, disability, or any other status protected by law. We hire on the strength of your work, the way you treat customers and teammates, and your ability to do the job described above.