Director, GRC

United States · 250000.00 - 265000.00 USD / Year · Job Posted January 26, 2026

Job Description

Founded in 2018 with co-headquarters in Dublin and Boston, Tines powers some of the world's most important workflows. Our intelligent workflow platform applies AI, automation, and integration with human ingenuity to drive real business results. Tines serves a diverse range of customers, from startups to public companies. As an integrator across the entire tech stack, Tines is vendor-agnostic, integrating with any API-enabled service. This flexibility enables our customers to achieve their highest-priority goals faster. And because Tines is secure and private by design, it’s popular with security, IT, engineering, finance, and other security-focused teams. At Tines, we're driven by our values of Simplicity, Speed, and Soundness. We're committed to delivering exceptional customer experiences while fostering a company culture that nurtures individual curiosity, growth, and integrity.

Job Responsibility

  • Define and execute Tines' multi-year GRC strategy aligned with business objectives
  • Own the compliance roadmap, prioritizing certifications and frameworks based on customer needs and revenue impact
  • Serve as executive sponsor for all compliance programs, providing visibility and reporting to C-suite and Board of Directors
  • Build business cases for compliance investments, demonstrating ROI and competitive advantage
  • Monitor evolving compliance landscape, anticipating regulatory changes
  • Lead, mentor, and grow a team of GRC professionals
  • Scale the team strategically as Tines grows
  • Foster cross-functional collaboration with Engineering, Product, Sales, Legal, IT, Security, and HR teams
  • Drive Tines' FedRAMP authorization to successful completion
  • Establish ongoing FedRAMP continuous monitoring and reauthorization processes
  • Build relationships with government stakeholders, agencies, and partners
  • Maintain and optimize SOC 2 Type II compliance
  • Lead ISO 27001 audits and other framework expansions
  • Establish and mature vendor risk management, third-party risk assessment, and supply chain security programs
  • Implement enterprise risk management processes
  • Own the information security policy framework
  • Manage relationships with external auditors, 3PAOs, and assessors
  • Own the customer security assurance experience, including questionnaire responses, audit coordination, and Trust Center management
  • Partner with Sales and Customer Success to support enterprise deals requiring compliance evidence
  • Build scalable processes to handle increasing volume of security assessments
  • Represent Tines externally at customer meetings, industry events, and with auditors
  • Champion the use of Tines' platform to automate compliance workflows, evidence collection, control testing, and reporting
  • Build a "compliance-as-code" culture
  • Establish metrics and dashboards for real-time compliance posture visibility
  • Serve as an internal advocate and external case study for how automation transforms GRC

Requirements

  • 12+ years of progressive experience in GRC, information security, or risk management
  • At least 5 years in a leadership role
  • Proven track record leading FedRAMP authorization efforts from planning through ATO
  • Deep expertise in multiple compliance frameworks: SOC 2, ISO 27001, FedRAMP, NIST 800-53
  • Experience building and scaling GRC teams and programs in high-growth SaaS or technology companies
  • Strong executive presence with ability to influence C-suite and Board-level stakeholders
  • Demonstrated success managing complex, multi-workstream compliance programs with competing priorities
  • Exceptional communication skills with the ability to translate technical compliance requirements into business value
  • Strategic mindset with hands-on execution capability
  • Experience partnering with Sales, Engineering, Product, and Legal teams to operationalize compliance
  • Applicants must be authorized to work for any employer in the U.S.
  • Must be based in the United States

Nice to have

  • Industry certifications such as CISSP, CISA, CISM, or CRISC
  • Experience achieving FedRAMP authorization for a SaaS platform
  • Background in compliance automation, GRC tooling, or security orchestration
  • Experience with privacy regulations and programs (GDPR, CCPA, data governance)
  • Knowledge of cloud security architecture and controls (AWS, Azure, GCP)
  • Prior experience in a startup or hypergrowth environment (Series B-D stage)
  • Familiarity with DevSecOps, infrastructure-as-code, and modern engineering practices
  • Experience using or implementing workflow automation platforms
  • Active participation in industry groups (CSA, FedRAMP PMO community, etc.)

What we offer

  • Competitive salary
  • Startup equity & extended exercise window
  • Matching retirement plans
  • Home office setup
  • Private healthcare plans
  • 25 days annual leave
  • Extra company holidays
  • Generous parental leave programs
  • Flexibility in how and where you work
  • Phone and home Internet allowance

Similar Jobs for Director, GRC (8 matching positions)

Director, Security GRC Program Lead

Meta is seeking a highly skilled Security GRC Program Manager to join our Risk O...
Location: United States, Bellevue
Salary: 227000.00 - 287000.00 USD / Year
Company: Meta
Expiration Date: Until further notice
Requirements
  • Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
  • Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
  • Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
  • Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
  • Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
  • In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
  • Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
  • Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains
Job Responsibility
  • Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory
  • Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals
  • Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning
  • Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization
  • Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication
  • Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments
  • Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact
  • Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others
  • Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework
What we offer
  • bonus
  • equity
  • benefits

Director of Security, GRC

Join us in building the future of finance. Our mission is to democratize finance...
Location: United States, Menlo Park; New York
Salary: 255000.00 - 300000.00 USD / Year
Company: Robinhood
Expiration Date: Until further notice
Requirements
  • Proven senior security leader with over 10 years of experience, specializing in scaling through technology, the management of risk, compliance, and business continuity programs
  • 5+ years of experience working with or within US and international financial regulatory environments
  • Proven track record building and scaling GRC programs in highly regulated, fast-paced industries, focused on automation first tooling
  • Strong verbal and written communication and executive presence, with experience preparing and presenting board-level security updates
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent
  • Familiarity with GRC and program management tools (e.g., Jira, Archer, or ServiceNow)
  • Experience with NIST CSF, 800-53 R5, federal and international security assessments.
Job Responsibility
  • Lead the development, automation, and execution of our enterprise security risk management framework, driving mitigation strategies and board-level risk reporting
  • Direct policy development and exception management processes, ensuring effective governance of security standards and exceptions
  • Oversee enterprise business continuity and disaster recovery programs, including execution of simulation exercises and continuous refinement
  • Manage strategic compliance initiatives, coordinating with legal, compliance, and operational teams to meet regulatory requirements and prepare for audits
  • Serve as the primary liaison for security-related board reporting, quantitative risk management, and regulatory engagements, shaping the external and internal narrative on risk
What we offer
  • Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet – a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces
  • Fulltime

Controls Manager - Risk Advisory Services

As a Controls Advisory Manager in our Risk Advisory Services (RAS) team, you wil...
Location: United Kingdom, London; Leeds; Greater Manchester
Salary: Not provided
Company: BDO UK LLP
Expiration Date: Until further notice
Requirements
  • Proven experience delivering controls advisory, internal controls or risk management engagements, ideally within a professional services environment.
  • Strong understanding of internal controls frameworks, including controls design, operating effectiveness, identification of deficiencies and remediation planning (e.g. US SOX, UK Corporate Governance Code or similar frameworks).
  • A relevant professional qualification (e.g. ACA, ACCA, MIIA, CCAB or equivalent).
  • Experience leading engagements at Manager level, including planning, delivery, review and senior stakeholder interaction
  • Experience with GRC tools and/or AI testing capabilities would be desirable.
  • A pragmatic, commercial approach to applying risk and controls concepts across different client environments and sectors.
  • Strong communication skills, with the ability to engage credibly with client stakeholders and explain complex issues clearly.
  • Experience managing and developing others, with a collaborative and supportive leadership style, and the ability to balance multiple priorities effectively.
Job Responsibility
  • Leading the delivery of controls and risk advisory engagements
  • Managing client relationships
  • Supporting the development of junior team members
  • Working across a range of clients and sectors to help organisations design, implement and enhance their internal control environments
  • Providing pragmatic advice to address control weaknesses and emerging risks
  • Taking day‑to‑day responsibility for engagements, ensuring work is delivered to a high standard, on time and within budget
  • Building trusted relationships with clients
  • Supporting Directors and Partners with work
  • Contributing to the development of the Controls Advisory offering
  • Supporting marketing and business development activity across RAS

Director of IT

Director of IT / IT Director / Information Technology Director / Director of IT ...
Location: United States, Des Moines
Salary: 200000.00 USD / Year
Company: Robert Half
Expiration Date: Until further notice
Requirements
  • Hands on current, server & networking IT skills
  • Current Technical demonstrated experience in a modern tech stack
  • IT Budget
  • IT Hiring and direct reports
  • Tech Strategic Planning + Day to Day in the weeds
  • Technical Roadmap experience
  • CyberSecurity Roadmap and expertise
  • Azure / Cloud migration + M365 – can lead a Cloud migration
  • Infrastructure – Server + Networking
  • GRC – Governance, Risk & Compliance
Job Responsibility
  • Player / Coach type of a role where you must have modern tech stack expertise
  • Straddle both technical AND Leadership
  • Be on the Front Lines working to improve technology for the business
  • Drive Solutions for the business
  • Work with the business and leading the Front lines of operations
  • Strategic AND Technical Lead role in a small IT shop
  • Drive Change
What we offer
  • 20% Bonus depending on years of experience
  • Referral Bonuses Paid
  • Benefits available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance
  • Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan
  • Fulltime

CSIRT Director

The CSIRT Director is a cybersecurity leader responsible for the complete owners...
Location: Canada, Montreal
Salary: Not provided
Company: SITA
Expiration Date: Until further notice
Requirements
  • 15+ years of progressive experience in cybersecurity, with at least 7+ years in a senior leadership role with direct accountability for security operations.
  • 5+ years of direct experience managing large, geographically distributed Security Operations Centers (SOCs) — including multi-site, multi-shift, 24/7/365 operations.
  • Bachelor's degree in Computer Science, Information Systems, Information Security, or a related discipline; or equivalent professional experience.
  • Active professional certification in at least one of the following: CISSP, CISM, CISA, GIAC GSOM, GIAC GCIH, or equivalent.
  • Proven experience managing global teams across multiple time zones and cultures, with a track record of building cohesive, high-performing distributed teams and demonstrated ownership of an Incident Response function and team.
  • Demonstrated ownership of two or more of the following functions: SOC, CTEM / Vulnerability Management, Cyber Threat Intelligence,
  • Strong command of the MITRE ATT&CK framework, NIST CSF, and incident response methodologies (SANS PICERL, NIST 800-61).
  • Executive-level communication skills — ability to translate complex technical threats into business risk language for CISO, C-suite, and Board audiences.
Job Responsibility
  • Continuous Threat Exposure Management (CTEM) - Directs the organization's proactive exposure reduction program. This includes attack surface management, vulnerability prioritization, red team / purple team program oversight, penetration testing governance, and the coordination of remediation workflows with IT and engineering stakeholders.
  • Cyber Threat Intelligence (CTI) - Commands the intelligence function responsible for producing finished, operationalized threat intelligence. This includes strategic intelligence briefings to CISO and Board, tactical intelligence feeds into detection platforms, threat actor tracking, sector-specific threat analysis (transportation/aviation/border security), and third-party intelligence partnerships.
  • Incident Response (IR) - Owns the full incident response lifecycle. Accountable for IR planning and playbook governance, crisis management and executive communication during significant incidents, forensic capability oversight, tabletop exercise program, regulatory breach notification coordination, and post-incident reviews (PIRs).
  • Security Operations (SecOps) Collaboration - Direct and optimize resources across global SOC locations (Montreal, Cairo, Singapore), ensuring consistent standards, 24/7/365 coverage through a follow‑the‑sun operating model, and resilient business continuity with defined failover capabilities. Drive collaboration and intelligence sharing across sites while managing MSSP and third‑party partners to ensure performance, accountability, and unified global operations.
  • Strategic Leadership & Governance - Define and lead a multi‑year global CSIRT strategy, serving as the single point of accountability for threat exposure, intelligence, and incident response while aligning capabilities to business risk and industry frameworks. Own executive reporting, budget planning, and the establishment of clear SLAs and KPIs to ensure a mature, scalable, and effective cybersecurity operations program.
  • People Leadership & Talent Development - Lead, develop, and retain a high‑performing global cybersecurity operations team across CTEM, CTI, and Incident Response, fostering an inclusive, high‑accountability culture that enables collaboration across regions and time zones. Establish clear career pathways, performance management, and succession planning while overseeing staffing models, shift coverage, and on‑call operations across all SOC locations.
  • Executive & Stakeholder Engagement - Act as the primary liaison to the CISO, delivering executive‑ and board‑level insights on security operations, threat posture, and incident response effectiveness. Partner cross‑functionally with architecture, engineering, GRC, legal, and IT teams, and represent CSIRT in audits, regulatory reviews, and customer security engagements.
What we offer
  • Work from home up to 2 days/week (depending on your team’s needs)
  • Flex Day: Make your workday suit your life and plans.
  • Flex Location: Take up to 30 days a year to work from any location in the world.
  • Employee Wellbeing: Employee Assistance Program (EAP) for you and your dependents 24/7, 365 days/year; Champion Health platform.
  • Professional Development: Access to world-class learning platforms including LinkedIn Learning, Microsoft's Enterprise Skills Initiative, Airport Council International, Pluralsight, Harvard Business Publishing, Stanford and many others.
  • Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.
  • Fulltime

Director, IT

We’re not just building better tech. We’re rewriting how data moves and what the...
Location: United States
Salary: Not provided
Company: Confluent
Expiration Date: Until further notice
Requirements
  • 10+ years of IT or corporate infrastructure experience, including 5+ years leading teams that span Helpdesk, endpoint, identity, and networking functions
  • Strong technical depth across the modern IT stack — Okta for identity, Jamf and Intune for endpoint management, Google Workspace, Zoom and modern AV, and enterprise networking (Wi-Fi, SD-WAN, ZTNA)
  • Demonstrated customer-focused mindset — measurable track record of improving employee experience, ticket resolution, and self-service adoption
  • Proven problem solver who can move fluidly between hands-on technical troubleshooting, root-cause analysis, and structured program leadership
  • Experience operating in a security- and compliance-conscious environment, partnering with Security and GRC on identity governance, endpoint posture, and audit readiness
  • Comfortable leading through ambiguity and change — energized rather than slowed by organizational evolution, shifting priorities, or integrating new ways of working
Job Responsibility
  • Lead and develop the IT organization across Helpdesk, endpoint engineering (laptops, AV, conference rooms), enterprise identity (SSO, MFA, lifecycle), core productivity platforms (Google Workspace, Slack, Zoom, and adjacent SaaS), corporate networking (Meraki), and corporate cloud infrastructure (GCP, AWS, Azure)
  • Own the employee technology experience end-to-end — setting and measuring service levels, response times, and CSAT, and using that data to drive continuous improvement
  • Modernize and automate the IT operating model — reducing manual ticket work through self-service, identity-driven access workflows, AI-assisted support, and policy-as-code for endpoint and network management
  • Partner closely with Security, People, Finance, Engineering, and Workplace teams to deliver onboarding, offboarding, access governance, and compliance commitments (SOX, SOC 2) without friction to employees
  • Manage vendor relationships, budget, and capacity planning across the IT portfolio — making clear build/buy/partner decisions and holding partners accountable to outcomes
  • Lead the team through growth and change — evolving the operating model, technology footprint, and team structure as the business scales and matures
What we offer
  • Remote-First Work
  • Robust Insurance Benefits
  • Flexible Time Away
  • The Best Teammates
  • Experience Ambassadors
  • Open and Honest Culture
  • Well-Being and Growth
  • Offers Equity
  • Offers Bonus
  • Fulltime

Director, Privacy Operations

The Director, Privacy Operations, leads and governs enterprise-wide privacy oper...
Location: United States, Newton
Salary: 124000.00 - 147000.00 USD / Year
Company: Bright Horizons
Expiration Date: Until further notice
Requirements
  • Bachelor's Degree in Information Security, Information Systems, Law, or Accounting. 3+ years of additional experience would be considered in lieu of degree
  • 10 years experience in privacy operations, compliance, audit or data protection/management roles in a multinational organization in a highly regulated or scrutinized industry
  • 5 years experience managing system changes and configuring Governance, Risk & Compliance tools such as OneTrust or TrustArc in a controlled IT environment
Job Responsibility
  • Owns the delivery of enterprise privacy operations strategy and multi-year roadmap
  • Provides governance leadership and direct support for the GRC platform (e.g., OneTrust): configuration standards, access models, integrations, release/change management, and data quality in partnership with IT and Security
  • Establishes and oversees policies, standards, and operating procedures for Tracking Technologies (cookies, SDKs, pixels, device IDs); monitors compliance, assesses risk, and drives remediation across products and channels
  • Directs the privacy incident management program: intake, triage, investigation, root-cause analysis, corrective actions, and regulatory readiness; maintains incident templates and workflows within the GRC platform and chairs incident review forums
  • Owns the design and generation of performance metrics and reports for Privacy function and management
  • Leads cross-functional delivery for privacy-by-design and technical implementation guidance
  • Owns business continuity and disaster recovery (BC/DR) strategies and test plans for privacy systems and tools
  • Stays abreast of vendor roadmaps, emerging technologies, and regulatory developments then translates needs into executable operational requirements and standards
What we offer
  • Bonus
  • RSUs
  • Medical, dental, and vision insurance
  • Paid vacation, sick, holiday, and parental bonding leave
  • 401(k) retirement plan
  • Long-term and short-term disability insurance
  • Life insurance
  • Money-saving discounts and financial planning tools
  • Tuition assistance and education coaching
  • Caregiving support and resources for the children and adults in your family
  • Fulltime

Director, Product Security

The Director of Product Security is a critical leadership role responsible for t...
Location: United States, Buffalo
Salary: 178000.00 - 220000.00 USD / Year
Company: ACV Auctions
Expiration Date: Until further notice
Requirements
  • 10+ years experience in Information Security
  • 5+ years directly focused on Product Security or Application Security in a leadership role
  • Proven experience building and leading a centralized Product Security/AppSec program within a technology-driven, cloud-based SaaS company
  • Deep, hands-on knowledge of the Secure Software Development Lifecycle (SSDLC), CI/CD, and DevSecOps principles, including automating security tooling
  • Strong understanding of security frameworks and best practices (NIST CSF, ISO 27001, CIS Controls)
  • Extensive experience with cloud security, with a strong focus on securing applications deployed in AWS and/or GCP environments
  • Experience with modern software development including Agentic and Generative AI techniques
  • Expertise with multiple application security tools, including SAST, DAST, MAST, SCA, API security platforms, and Web Application Firewalls (WAF)
  • Excellent communication, interpersonal, and leadership skills, with an ability to translate complex technical risks into business context
  • Ability to work effectively in a remote environment and manage geographically dispersed teams
Job Responsibility
  • Design, implement, and manage the end-to-end Product Security program
  • Lead the adoption of DevSecOps practices, automating security tools and gates within the CI/CD pipelines
  • Establish and enforce Secure Software Development Lifecycle (SSDLC) requirements
  • Build, mentor, and manage a team of Product Security Engineers
  • Proactively identify and establish security guardrails for AI/ML model development and usage
  • Oversee the deployment, tuning, and management of application security testing tools (SAST, DAST, SCA)
  • Lead vulnerability remediation efforts for all ACV products
  • Perform and oversee deep-dive security architecture and design reviews for all new products, features, and core application services
  • Define and manage secure configuration standards for containerized applications, microservices, APIs, and their supporting cloud infrastructure (AWS and GCP)
  • Manage and coordinate external penetration testing and bug bounty programs
What we offer
  • Multiple medical plans including a high deductible, low cost health plan
  • Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance
  • Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance
  • Generous paid time off options, including uncapped vacation days, paid sick days, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave
  • Employee Stock Purchase Program with additional opportunities to earn stock in the Company
  • Retirement planning through the Company’s 401(k)
  • Fulltime