
Director, Security GRC Program Lead

Location: United States, Bellevue · Salary: 227000.00 - 287000.00 USD / Year · Job Posted January 23, 2026

Job Description

Meta is seeking a highly skilled Security GRC Program Manager to join our Risk Organization's Governance, Risk, and Compliance (GRC) pillar. This role is pivotal in providing second-line oversight of Meta's security risk management and compliance across multiple business units, regulatory entities, and governance forums. As a senior individual contributor, you will drive strategic risk initiatives, proactively identify and solve complex, ambiguous problems, and set a compelling vision for the team and organization. You will be expected to influence outcomes at the highest levels, build strong networks, and champion innovation and best practices in risk management. This role operates within and in support of Meta's unified Security Governance, Risk, and Compliance program. You will align your work with Meta's canonical security framework and three strategic principles: protecting against top security risks, maturing core security capabilities at scale, and enabling the company to move fast securely. This position offers the opportunity to shape Meta's security risk posture, collaborate with leaders across Security, Product, Engineering, and Legal, and deliver meaningful impact on Meta's ability to meet global regulatory requirements and business objectives. You will operate with significant autonomy, regularly leading cross-functional initiatives and driving company-wide impact through thought leadership and strategic execution.

Job Responsibility

  • Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory
  • Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals
  • Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning
  • Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization
  • Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication
  • Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments
  • Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact
  • Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others
  • Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework

Requirements

  • Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
  • Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
  • Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
  • Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
  • Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
  • In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
  • Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
  • Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Nice to have

  • Advanced degree in a relevant field
  • Experience integrating best practices from other GRC domains (Integrity, Privacy)
  • Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies
  • Experience working in a fast-paced tech environment
  • Proven ability to operate hands-on across orgs and functions
  • Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)

What we offer

  • bonus
  • equity
  • benefits

Similar Jobs for Director, Security GRC Program Lead (8 matching positions)

Director of Security, GRC

Join us in building the future of finance. Our mission is to democratize finance...
Location: United States, Menlo Park; New York
Salary: 255000.00 - 300000.00 USD / Year
Company: Robinhood
Expiration Date: Until further notice
Requirements
  • Proven senior security leader with over 10 years of experience, specializing in scaling through technology, the management of risk, compliance, and business continuity programs
  • 5+ years of experience working with or within US and international financial regulatory environments
  • Proven track record building and scaling GRC programs in highly regulated, fast-paced industries, focused on automation first tooling
  • Strong verbal and written communication and executive presence, with experience preparing and presenting board-level security updates
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent
  • Familiarity with GRC and program management tools (e.g., Jira, Archer, or ServiceNow)
  • Experience with NIST CSF, 800-53 R5, federal and international security assessments.
Job Responsibility
  • Lead the development, automation, and execution of our enterprise security risk management framework, driving mitigation strategies and board-level risk reporting
  • Direct policy development and exception management processes, ensuring effective governance of security standards and exceptions
  • Oversee enterprise business continuity and disaster recovery programs, including execution of simulation exercises and continuous refinement
  • Manage strategic compliance initiatives, coordinating with legal, compliance, and operational teams to meet regulatory requirements and prepare for audits
  • Serve as the primary liaison for security-related board reporting, quantitative risk management, and regulatory engagements, shaping the external and internal narrative on risk
What we offer
  • Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet – a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces
  • Fulltime

Director, GRC

Founded in 2018 with co-headquarters in Dublin and Boston, Tines powers some of ...
Location: United States
Salary: 250000.00 - 265000.00 USD / Year
Company: Tines
Expiration Date: Until further notice
Requirements
  • 12+ years of progressive experience in GRC, information security, or risk management
  • At least 5 years in a leadership role
  • Proven track record leading FedRAMP authorization efforts from planning through ATO
  • Deep expertise in multiple compliance frameworks: SOC 2, ISO 27001, FedRAMP, NIST 800-53
  • Experience building and scaling GRC teams and programs in high-growth SaaS or technology companies
  • Strong executive presence with ability to influence C-suite and Board-level stakeholders
  • Demonstrated success managing complex, multi-workstream compliance programs with competing priorities
  • Exceptional communication skills with the ability to translate technical compliance requirements into business value
  • Strategic mindset with hands-on execution capability
  • Experience partnering with Sales, Engineering, Product, and Legal teams to operationalize compliance
Job Responsibility
  • Define and execute Tines' multi-year GRC strategy aligned with business objectives
  • Own the compliance roadmap, prioritizing certifications and frameworks based on customer needs and revenue impact
  • Serve as executive sponsor for all compliance programs, providing visibility and reporting to C-suite and Board of Directors
  • Build business cases for compliance investments, demonstrating ROI and competitive advantage
  • Monitor evolving compliance landscape, anticipating regulatory changes
  • Lead, mentor, and grow a team of GRC professionals
  • Scale the team strategically as Tines grows
  • Foster cross-functional collaboration with Engineering, Product, Sales, Legal, IT, Security, and HR teams
  • Drive Tines' FedRAMP authorization to successful completion
  • Establish ongoing FedRAMP continuous monitoring and reauthorization processes
What we offer
  • Competitive salary
  • Startup equity & extended exercise window
  • Matching retirement plans
  • Home office setup
  • Private healthcare plans
  • 25 days annual leave
  • Extra company holidays
  • Generous parental leave programs
  • Flexibility in how and where you work
  • Phone and home Internet allowance
  • Fulltime

Director, Security & Compliance

As Director, Security & Compliance, you’ll be responsible for building and manag...
Location: United States, San Francisco
Salary: Not provided
Company: Instabase
Expiration Date: Until further notice
Requirements
  • Extensive experience in security compliance, successfully leading compliance projects, risk assessments and audits
  • FedRAMP (NIST 800-53), GDPR, SOC2, HIPAA and ISO 27001 auditing and implementation experience
  • Experience working with Engineering teams within the modern cloud / SaaS technology space
  • Excellent written and verbal communication skills
Job Responsibility
  • Formulate and drive GRC roadmap, security policies, vendor security reviews and security training
  • Initiate, own and lead new security & compliance programs and audits (GDPR, SOC2, HIPAA and ISO 27001)
  • Establish and continuously improve standards, processes, tooling and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to deliver successful security compliance programs, partnering with Engineering, Product, GTM, Legal and HR teams
  • Work with external auditors to achieve security compliance certifications and reports
  • Regularly report on status, operational metrics and KPIs, providing transparency to company Leadership and internal stakeholder teams
What we offer
  • Flexible PTO
  • Instabreak Fridays: Enjoy 6 company-wide Friday breaks scheduled throughout the year
  • Comprehensive Coverage: Top-notch medical, dental, and vision insurance
  • 401(k) with Matching
  • Parental Leave & Fertility Benefits
  • Therapy Sessions Covered: 10 free sessions through Samata Health
  • Wellness Stipend
  • Lunch on Us: Enjoy a lunch credit when you're in the office
  • Fulltime

Director, Product Security

The Director of Product Security is a critical leadership role responsible for t...
Location: United States, Buffalo
Salary: 178000.00 - 220000.00 USD / Year
Company: ACV Auctions
Expiration Date: Until further notice
Requirements
  • 10+ years of experience in Information Security
  • 5+ years directly focused on Product Security or Application Security in a leadership role
  • Proven experience building and leading a centralized Product Security/AppSec program within a technology-driven, cloud-based SaaS company
  • Deep, hands-on knowledge of the Secure Software Development Lifecycle (SSDLC), CI/CD, and DevSecOps principles, including automating security tooling
  • Strong understanding of security frameworks and best practices (NIST CSF, ISO 27001, CIS Controls)
  • Extensive experience with cloud security, with a strong focus on securing applications deployed in AWS and/or GCP environments
  • Experience with modern software development including Agentic and Generative AI techniques
  • Expertise with multiple application security tools, including SAST, DAST, MAST, SCA, API security platforms, and Web Application Firewalls (WAF)
  • Excellent communication, interpersonal, and leadership skills, with an ability to translate complex technical risks into business context
  • Ability to work effectively in a remote environment and manage geographically dispersed teams
Job Responsibility
  • Design, implement, and manage the end-to-end Product Security program
  • Lead the adoption of DevSecOps practices, automating security tools and gates within the CI/CD pipelines
  • Establish and enforce Secure Software Development Lifecycle (SSDLC) requirements
  • Build, mentor, and manage a team of Product Security Engineers
  • Proactively identify and establish security guardrails for AI/ML model development and usage
  • Oversee the deployment, tuning, and management of application security testing tools (SAST, DAST, SCA)
  • Lead vulnerability remediation efforts for all ACV products
  • Perform and oversee deep-dive security architecture and design reviews for all new products, features, and core application services
  • Define and manage secure configuration standards for containerized applications, microservices, APIs, and their supporting cloud infrastructure (AWS and GCP)
  • Manage and coordinate external penetration testing and bug bounty programs
What we offer
  • Multiple medical plans including a high deductible, low cost health plan
  • Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance
  • Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance
  • Generous paid time off options, including uncapped vacation days, paid sick days, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave
  • Employee Stock Purchase Program with additional opportunities to earn stock in the Company
  • Retirement planning through the Company’s 401(k)
  • Fulltime

CSIRT Director

The CSIRT Director is a cybersecurity leader responsible for the complete owners...
Location: Canada, Montreal
Salary: Not provided
Company: SITA
Expiration Date: Until further notice
Requirements
  • 15+ years of progressive experience in cybersecurity, with at least 7+ years in a senior leadership role with direct accountability for security operations.
  • 5+ years of direct experience managing large, geographically distributed Security Operations Centers (SOCs) — including multi-site, multi-shift, 24/7/365 operations.
  • Bachelor's degree in Computer Science, Information Systems, Information Security, or a related discipline, or equivalent professional experience.
  • Active professional certification in at least one of the following: CISSP, CISM, CISA, GIAC GSOM, GIAC GCIH, or equivalent.
  • Proven experience managing global teams across multiple time zones and cultures, with a track record of building cohesive, high-performing distributed teams, and demonstrated ownership of an Incident Response function and team.
  • Demonstrated ownership of two or more of the following functions: SOC, CTEM / Vulnerability Management, Cyber Threat Intelligence.
  • Strong command of the MITRE ATT&CK framework, NIST CSF, and incident response methodologies (SANS PICERL, NIST 800-61).
  • Executive-level communication skills — ability to translate complex technical threats into business risk language for CISO, C-suite, and Board audiences.
Job Responsibility
  • Continuous Threat Exposure Management (CTEM) - Directs the organization's proactive exposure reduction program. This includes attack surface management, vulnerability prioritization, red team / purple team program oversight, penetration testing governance, and the coordination of remediation workflows with IT and engineering stakeholders.
  • Cyber Threat Intelligence (CTI) - Commands the intelligence function responsible for producing finished, operationalized threat intelligence. This includes strategic intelligence briefings to CISO and Board, tactical intelligence feeds into detection platforms, threat actor tracking, sector-specific threat analysis (transportation/aviation/border security), and third-party intelligence partnerships.
  • Incident Response (IR) - Owns the full incident response lifecycle. Accountable for IR planning and playbook governance, crisis management and executive communication during significant incidents, forensic capability oversight, tabletop exercise program, regulatory breach notification coordination, and post-incident reviews (PIRs).
  • Security Operations (SecOps) Collaboration - Direct and optimize resources across global SOC locations (Montreal, Cairo, Singapore), ensuring consistent standards, 24/7/365 coverage through a follow‑the‑sun operating model, and resilient business continuity with defined failover capabilities. Drive collaboration and intelligence sharing across sites while managing MSSP and third‑party partners to ensure performance, accountability, and unified global operations.
  • Strategic Leadership & Governance - Define and lead a multi‑year global CSIRT strategy, serving as the single point of accountability for threat exposure, intelligence, and incident response while aligning capabilities to business risk and industry frameworks. Own executive reporting, budget planning, and the establishment of clear SLAs and KPIs to ensure a mature, scalable, and effective cybersecurity operations program.
  • People Leadership & Talent Development - Lead, develop, and retain a high‑performing global cybersecurity operations team across CTEM, CTI, and Incident Response, fostering an inclusive, high‑accountability culture that enables collaboration across regions and time zones. Establish clear career pathways, performance management, and succession planning while overseeing staffing models, shift coverage, and on‑call operations across all SOC locations.
  • Executive & Stakeholder Engagement - Act as the primary liaison to the CISO, delivering executive‑ and board‑level insights on security operations, threat posture, and incident response effectiveness. Partner cross‑functionally with architecture, engineering, GRC, legal, and IT teams, and represent CSIRT in audits, regulatory reviews, and customer security engagements.
What we offer
  • Work from home up to 2 days/week (depending on your team’s needs)
  • Flex Day: Make your workday suit your life and plans.
  • Flex Location: Take up to 30 days a year to work from any location in the world.
  • Employee Wellbeing: Employee Assistance Program (EAP) for you and your dependents 24/7, 365 days/year
  • Champion Health platform.
  • Professional Development: Access to world-class learning platforms including LinkedIn Learning, Microsoft's Enterprise Skills Initiative, Airport Council International, Pluralsight, Harvard Business Publishing, Stanford and many others.
  • Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.
  • Fulltime

Director, IT

We’re not just building better tech. We’re rewriting how data moves and what the...
Location: United States
Salary: Not provided
Company: Confluent
Expiration Date: Until further notice
Requirements
  • 10+ years of IT or corporate infrastructure experience, including 5+ years leading teams that span Helpdesk, endpoint, identity, and networking functions
  • Strong technical depth across the modern IT stack — Okta for identity, Jamf and Intune for endpoint management, Google Workspace, Zoom and modern AV, and enterprise networking (Wi-Fi, SD-WAN, ZTNA)
  • Demonstrated customer-focused mindset — measurable track record of improving employee experience, ticket resolution, and self-service adoption
  • Proven problem solver who can move fluidly between hands-on technical troubleshooting, root-cause analysis, and structured program leadership
  • Experience operating in a security- and compliance-conscious environment, partnering with Security and GRC on identity governance, endpoint posture, and audit readiness
  • Comfortable leading through ambiguity and change — energized rather than slowed by organizational evolution, shifting priorities, or integrating new ways of working
Job Responsibility
  • Lead and develop the IT organization across Helpdesk, endpoint engineering (laptops, AV, conference rooms), enterprise identity (SSO, MFA, lifecycle), core productivity platforms (Google Workspace, Slack, Zoom, and adjacent SaaS), corporate networking (Meraki), and corporate cloud infrastructure (GCP, AWS, Azure)
  • Own the employee technology experience end-to-end — setting and measuring service levels, response times, and CSAT, and using that data to drive continuous improvement
  • Modernize and automate the IT operating model — reducing manual ticket work through self-service, identity-driven access workflows, AI-assisted support, and policy-as-code for endpoint and network management
  • Partner closely with Security, People, Finance, Engineering, and Workplace teams to deliver onboarding, offboarding, access governance, and compliance commitments (SOX, SOC 2) without friction to employees
  • Manage vendor relationships, budget, and capacity planning across the IT portfolio — making clear build/buy/partner decisions and holding partners accountable to outcomes
  • Lead the team through growth and change — evolving the operating model, technology footprint, and team structure as the business scales and matures
What we offer
  • Remote-First Work
  • Robust Insurance Benefits
  • Flexible Time Away
  • The Best Teammates
  • Experience Ambassadors
  • Open and Honest Culture
  • Well-Being and Growth
  • Offers Equity
  • Offers Bonus
  • Fulltime

Director, Privacy Operations

The Director, Privacy Operations, leads and governs enterprise-wide privacy oper...
Location: United States, Newton
Salary: 124000.00 - 147000.00 USD / Year
Company: Bright Horizons
Expiration Date: Until further notice
Requirements
  • Bachelor's Degree in Information Security, Information Systems, Law, or Accounting. 3+ years of additional experience would be considered in lieu of degree
  • 10 years of experience in privacy operations, compliance, audit or data protection/management roles in a multinational organization in a highly regulated or scrutinized industry
  • 5 years experience managing system changes and configuring Governance, Risk & Compliance tools such as OneTrust or TrustArc in a controlled IT environment
Job Responsibility
  • Owns the delivery of enterprise privacy operations strategy and multi-year roadmap
  • Provides governance leadership and direct support for the GRC platform (e.g., OneTrust): configuration standards, access models, integrations, release/change management, and data quality in partnership with IT and Security
  • Establishes and oversees policies, standards, and operating procedures for Tracking Technologies (cookies, SDKs, pixels, device IDs); monitors compliance, assesses risk, and drives remediation across products and channels
  • Directs the privacy incident management program: intake, triage, investigation, root-cause analysis, corrective actions, and regulatory readiness; maintains incident templates and workflows within the GRC platform and chairs incident review forums
  • Owns the design and generation of performance metrics and reports for Privacy function and management
  • Leads cross-functional delivery for privacy-by-design and technical implementation guidance
  • Owns business continuity and disaster recovery (BC/DR) strategies and test plans for privacy systems and tools
  • Stays abreast of vendor roadmaps, emerging technologies, and regulatory developments then translates needs into executable operational requirements and standards
What we offer
  • Bonus
  • RSUs
  • Medical, dental, and vision insurance
  • Paid vacation, sick, holiday, and parental bonding leave
  • 401(k) retirement plan
  • Long-term and short-term disability insurance
  • Life insurance
  • Money-saving discounts and financial planning tools
  • Tuition assistance and education coaching
  • Caregiving support and resources for the children and adults in your family
  • Fulltime

Director of Technology - Governance, Risk, and Compliance

We are seeking a Director of Technology - Governance, Risk, and Compliance to de...
Location: United States, San Jose
Salary: 219000.00 - 290000.00 USD / Year
Company: Archer Aviation
Expiration Date: Until further notice
Requirements
  • 8 plus years of experience in Technical Governance, Risk, and Compliance, Risk Management, Audit, or Information Security
  • Minimum of 3 years in a director or senior manager role leading a GRC function or compliance program
  • Expert-level understanding of NIST CSF, SP 800-171, and CMMC Level 2 frameworks
  • Hands-on experience managing NIST CSF, 800-171 compliance programs or leading CMMC Level 2 assessments and certification initiatives
  • Strong knowledge of SOX Section 404 requirements, particularly IT General Controls (ITGC)
  • Deep understanding of ITAR and EAR export control regulations
  • Proficiency in risk management methodologies
  • Experience designing and operating control frameworks (ISO 27001, NIST CSF, SOC 2 Type II)
  • Strong communication skills to present complex compliance and risk concepts
  • Demonstrated ability to lead and mentor teams, manage budgets, and drive cross-functional initiatives
Job Responsibility
  • Develop and execute a comprehensive Cyber-focused Governance, Risk, and Compliance (GRC) strategy
  • Lead the design and implementation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
  • Establish and manage an enterprise-wide risk management program
  • Design and enforce a control framework
  • Conduct or coordinate regular compliance assessments and internal audits
  • Manage relationships with external auditors, assessors, and regulators
  • Develop and maintain comprehensive compliance documentation
  • Lead the design of third-party and vendor risk management processes
  • Drive compliance training and awareness programs across the organization
  • Stay current with emerging regulatory changes
  • Fulltime