Director, Security GRC Program Lead

Meta

Location:
United States , Bellevue

Contract Type:
Not provided

Salary:

227000.00 - 287000.00 USD / Year

Job Description:

Meta is seeking a highly skilled Security GRC Program Manager to join our Risk Organization's Governance, Risk, and Compliance (GRC) pillar. This role is pivotal in providing second-line oversight of Meta's security risk management and compliance across multiple business units, regulatory entities, and governance forums. As a senior individual contributor, you will drive strategic risk initiatives, proactively identify and solve complex, ambiguous problems, and set a compelling vision for the team and organization. You will be expected to influence outcomes at the highest levels, build strong networks, and champion innovation and best practices in risk management. This role operates within and in support of Meta's unified Security Governance, Risk, and Compliance program. You will align your work with Meta's canonical security framework and three strategic principles: protecting against top security risks, maturing core security capabilities at scale, and enabling the company to move fast securely. This position offers the opportunity to shape Meta's security risk posture, collaborate with leaders across Security, Product, Engineering, and Legal, and deliver meaningful impact on Meta's ability to meet global regulatory requirements and business objectives. You will operate with significant autonomy, regularly leading cross-functional initiatives and driving company-wide impact through thought leadership and strategic execution.

Job Responsibility:

  • Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory
  • Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals
  • Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning
  • Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization
  • Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication
  • Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments
  • Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact
  • Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others
  • Integrate learnings and best practices to and from sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework

Requirements:

  • Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
  • Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
  • Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
  • Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
  • Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
  • In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
  • Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
  • Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Nice to have:

  • Advanced degree in a relevant field
  • Experience integrating best practices from other GRC domains (Integrity, Privacy)
  • Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies
  • Experience working in a fast-paced tech environment
  • Proven ability to operate hands-on across orgs and functions
  • Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)

What we offer:
  • bonus
  • equity
  • benefits

Additional Information:

Job Posted:
January 23, 2026

Similar Jobs for Director, Security GRC Program Lead

Director - Governance, Risk and Compliance

We are a fast-growing fintech company seeking a proactive and highly organized G...
Location:
United States , New York
Salary:
175000.00 - 200000.00 USD / Year
Clear Street
Expiration Date:
Until further notice
Requirements:
  • 7+ years of experience in GRC, security compliance, risk management, or related functions
  • Strong understanding of common security frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS)
  • Experience managing audits end-to-end
  • Demonstrated ability to build and maintain governance processes and cross-functional compliance programs
  • Excellent documentation, communication, and stakeholder-management skills
  • Experience in technology, fintech, financial services, or other highly regulated industries
Job Responsibility:
  • Develop, maintain, and manage the company’s security and compliance policy framework
  • Ensure policies are current, properly communicated, approved, and effectively implemented across the organization
  • Oversee periodic reviews of all internal policies
  • Educate teams on policy requirements and drive adherence
  • Build, implement, and continuously refine the company’s cyber security risk management framework
  • Lead risk identification, assessment, scoring, and periodic re-evaluations
  • Maintain the corporate risk register
  • Manage all internal and external audits including SOC 2, ISO 27001, regulatory exams, and customer due-diligence requests
  • Coordinate and prepare audit evidence
  • Serve as the primary liaison with external auditors, security assessors, and regulatory bodies
What we offer:
  • Competitive compensation packages
  • Company equity
  • 401k matching
  • Gender-neutral parental leave
  • Full medical, dental and vision insurance
  • Lunch stipends
  • Fully stocked kitchens
  • Happy hours
Contract Type:
Fulltime

Director, Product Security

The Director of Product Security is a critical leadership role responsible for t...
Location:
United States , Buffalo
Salary:
178000.00 - 220000.00 USD / Year
ACV Auctions
Expiration Date:
Until further notice
Requirements:
  • 10+ years of experience in Information Security
  • 5+ years directly focused on Product Security or Application Security in a leadership role
  • Proven experience building and leading a centralized Product Security/AppSec program within a technology-driven, cloud-based SaaS company
  • Deep, hands-on knowledge of the Secure Software Development Lifecycle (SSDLC), CI/CD, and DevSecOps principles, including automating security tooling
  • Strong understanding of security frameworks and best practices (NIST CSF, ISO 27001, CIS Controls)
  • Extensive experience with cloud security, with a strong focus on securing applications deployed in AWS and/or GCP environments
  • Experience with modern software development including Agentic and Generative AI techniques
  • Expertise with multiple application security tools, including SAST, DAST, MAST, SCA, API security platforms, and Web Application Firewalls (WAF)
  • Excellent communication, interpersonal, and leadership skills, with an ability to translate complex technical risks into business context
  • Ability to work effectively in a remote environment and manage geographically dispersed teams
Job Responsibility:
  • Design, implement, and manage the end-to-end Product Security program
  • Lead the adoption of DevSecOps practices, automating security tools and gates within the CI/CD pipelines
  • Establish and enforce Secure Software Development Lifecycle (SSDLC) requirements
  • Build, mentor, and manage a team of Product Security Engineers
  • Proactively identify and establish security guardrails for AI/ML model development and usage
  • Oversee the deployment, tuning, and management of application security testing tools (SAST, DAST, SCA)
  • Lead vulnerability remediation efforts for all ACV products
  • Perform and oversee deep-dive security architecture and design reviews for all new products, features, and core application services
  • Define and manage secure configuration standards for containerized applications, microservices, APIs, and their supporting cloud infrastructure (AWS and GCP)
  • Manage and coordinate external penetration testing and bug bounty programs
What we offer:
  • Multiple medical plans including a high deductible, low cost health plan
  • Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance
  • Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance
  • Generous paid time off options, including uncapped vacation days, paid sick days, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave
  • Employee Stock Purchase Program with additional opportunities to earn stock in the Company
  • Retirement planning through the Company’s 401(k)
Contract Type:
Fulltime

Director, Security & Compliance

As Director, Security & Compliance, you’ll be responsible for building and manag...
Location:
United States , San Francisco
Salary:
Not provided
Instabase
Expiration Date:
Until further notice
Requirements:
  • Extensive experience in security compliance, successfully leading compliance projects, risk assessments and audits
  • FedRAMP (NIST 800-53), GDPR, SOC2, HIPAA and ISO 27001 auditing and implementation experience
  • Experience working with Engineering teams within the modern cloud / SaaS technology space
  • Excellent written and verbal communication skills
Job Responsibility:
  • Formulate and drive GRC roadmap, security policies, vendor security reviews and security training
  • Initiate, own and lead new security & compliance programs and audits (GDPR, SOC2, HIPAA and ISO 27001)
  • Establish and continuously improve standards, processes, tooling and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to deliver successful security compliance programs, partnering with Engineering, Product, GTM, Legal and HR teams
  • Work with external auditors to achieve security compliance certifications and reports
  • Regularly report on status, operational metrics and KPIs, providing transparency to company Leadership and internal stakeholder teams
What we offer:
  • Flexible PTO
  • Instabreak Fridays: Enjoy 6 company-wide Friday breaks scheduled throughout the year
  • Comprehensive Coverage: Top-notch medical, dental, and vision insurance
  • 401(k) with Matching
  • Parental Leave & Fertility Benefits
  • Therapy Sessions Covered: 10 free sessions through Samata Health
  • Wellness Stipend
  • Lunch on Us: Enjoy a lunch credit when you're in the office
Contract Type:
Fulltime

Program Manager, Program Governance

This role will be responsible for program management within the Governance pilla...
Location:
United States , Menlo Park
Salary:
122000.00 - 180000.00 USD / Year
Meta
Expiration Date:
Until further notice
Requirements:
  • 5+ years of work experience in risk and compliance, legal, consulting, business operations or other operational disciplines
  • 4+ years of experience working in regulatory domains like privacy, integrity or security OR in a role associated with data protection, regulatory response, audit and implementation of control frameworks
  • 3+ years of work experience in program or project management
  • Bachelor's Degree in a related field or equivalent experience
Job Responsibility:
  • Design and operate governance and reporting requirements for Meta’s Privacy Program, and Security GRC Programs
  • Facilitate governance forums designed to oversee and drive strategic decision making for Privacy and Security GRC programs
  • Recommend and draft Privacy program oversight and adjustment reporting for external assessment under Meta’s FTC Consent Order, including leadership socialization of recommendations and 2nd line of defense reviews
  • Work with legal, privacy and product leadership (including Meta Executives) teams to ensure the cross-company work on regulatory priorities is planned, implemented and executed in an efficient & effective manner
  • Prepare communication materials and progress tracking for multiple audiences including supporting material for Meta executives and its Board of Directors
  • Lead strategic conversations with external auditors and internal leadership team
  • Advise on industry standards related to external assessments and audits
  • Create mechanisms for identifying and monitoring updates, milestones and roadblocks on privacy work and ensuring leadership is aware of status and progress
  • Drive greater consistency of Governance process, practices, and execution across company-wide privacy, security, integrity and AI workstreams
  • Champion the overall implementation plan related to Meta’s FTC Consent order (and similar Privacy directives, both current and future) including understanding order requirements and associated technical and operational work required across the company to comply successfully
What we offer:
  • bonus
  • equity
  • benefits

Manager, IT Governance, Risk & Compliance

Reporting to the Director, IT Governance, Risk & Compliance, the GRC Manager is ...
Location:
Canada , Toronto
Salary:
85000.00 - 125000.00 CAD / Year
Four Seasons
Expiration Date:
Until further notice
Requirements:
  • Bachelor’s degree or equivalent business qualifications
  • Minimum 5 years of experience with PCI standard and GRC methodologies
  • Information Security Certification or Accreditation is an asset
  • Professional security management certifications are highly preferred (e.g., CISSP, CRISC)
  • PCI Compliance: Strong understanding of PCI DSS requirements and the use of compliance tools to support adherence to the standards
  • Reporting & Analytics: Proficient in reporting tools for creating dashboards, analyzing program data, and generating compliance and risk reports that support leadership decision‑making
  • IT Governance: Strong knowledge of governance frameworks such as COBIT and ISO 27001, applying these structures to strengthen compliance and manage risks effectively
  • Ticketing & ITIL: Proficient in ITIL‑based ticketing systems such as ServiceNow to manage incidents, problems, and changes, ensuring smooth service delivery and timely issue resolution
  • Risk Management: Comprehensive understanding of IT and cybersecurity risk practices, including identifying and evaluating risks and supporting remediation efforts
  • Change Management: Experienced in managing and reviewing IT change requests to assess compliance and risk impact, ensuring proper approvals, documentation, and alignment with internal change governance processes
Job Responsibility:
  • Lead the Corporate Office PCI compliance program, including defining, collecting, and conducting internal reviews for the Corporate quarterly PCI compliance cycles
  • Lead the planning, evidence collection, and internal review processes for the Corporate Annual PCI assessment
  • Scheduling and participating in all audit-related meetings to ensure consistent communication between teams and the QSA
  • Overseeing remediation of audit findings and tracking progress to closure
  • Work closely with the QSA to ensure the successful annual renewal of the company’s AoC (Attestation of Compliance) and RoC (Report on Compliance) as a Level 1 service provider
  • Facilitating the Corporate annual tabletop major incident response exercise with Corporate TID teams
  • Maintain and update the company’s IT policies, standards, and procedures
  • Develop new documentation and RACI matrices
  • Communicate changes to relevant stakeholders
  • Conduct reviews as required
Contract Type:
Fulltime

Director of Security, GRC

Join us in building the future of finance. Our mission is to democratize finance...
Location:
United States , Menlo Park; New York
Salary:
255000.00 - 300000.00 USD / Year
Robinhood
Expiration Date:
Until further notice
Requirements:
  • Proven senior security leader with over 10 years of experience, specializing in scaling through technology, the management of risk, compliance, and business continuity programs
  • 5+ years of experience working with or within US and international financial regulatory environments
  • Proven track record building and scaling GRC programs in highly regulated, fast-paced industries, focused on automation first tooling
  • Strong verbal and written communication and executive presence, with experience preparing and presenting board-level security updates
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent
  • Familiarity with GRC and program management tools (e.g., Jira, Archer, or ServiceNow)
  • Experience with NIST CSF, NIST SP 800-53 Rev. 5, and federal and international security assessments
Job Responsibility:
  • Lead the development, automation, and execution of our enterprise security risk management framework, driving mitigation strategies and board-level risk reporting
  • Direct policy development and exception management processes, ensuring effective governance of security standards and exceptions
  • Oversee enterprise business continuity and disaster recovery programs, including execution of simulation exercises and continuous refinement
  • Manage strategic compliance initiatives, coordinating with legal, compliance, and operational teams to meet regulatory requirements and prepare for audits
  • Serve as the primary liaison for security-related board reporting, quantitative risk management, and regulatory engagements, shaping the external and internal narrative on risk
What we offer:
  • Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet – a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces
Contract Type:
Fulltime

Director of Technology - Governance, Risk, and Compliance

We are seeking a Director of Technology - Governance, Risk, and Compliance to de...
Location:
United States , San Jose
Salary:
219000.00 - 290000.00 USD / Year
Archer Aviation
Expiration Date:
Until further notice
Requirements:
  • 8+ years of experience in Technical Governance, Risk, and Compliance, Risk Management, Audit, or Information Security
  • Minimum of 3 years in a director or senior manager role leading a GRC function or compliance program
  • Expert-level understanding of NIST CSF, SP 800-171, and CMMC Level 2 frameworks
  • Hands-on experience managing NIST CSF and SP 800-171 compliance programs or leading CMMC Level 2 assessments and certification initiatives
  • Strong knowledge of SOX Section 404 requirements, particularly IT General Controls (ITGC)
  • Deep understanding of ITAR and EAR export control regulations
  • Proficiency in risk management methodologies
  • Experience designing and operating control frameworks (ISO 27001, NIST CSF, SOC 2 Type II)
  • Strong communication skills to present complex compliance and risk concepts
  • Demonstrated ability to lead and mentor teams, manage budgets, and drive cross-functional initiatives
Job Responsibility:
  • Develop and execute a comprehensive Cyber-focused Governance, Risk, and Compliance (GRC) strategy
  • Lead the design and implementation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
  • Establish and manage an enterprise-wide risk management program
  • Design and enforce a control framework
  • Conduct or coordinate regular compliance assessments and internal audits
  • Manage relationships with external auditors, assessors, and regulators
  • Develop and maintain comprehensive compliance documentation
  • Lead the design of third-party and vendor risk management processes
  • Drive compliance training and awareness programs across the organization
  • Stay current with emerging regulatory changes
Contract Type:
Fulltime