Director, Security GRC Program Lead

Meta

Location: United States, Bellevue

Contract Type: Not provided

Salary: 227000.00 - 287000.00 USD / Year

Job Description:

Meta is seeking a highly skilled Security GRC Program Manager to join our Risk Organization's Governance, Risk, and Compliance (GRC) pillar. This role is pivotal in providing second-line oversight of Meta's security risk management and compliance across multiple business units, regulatory entities, and governance forums. As a senior individual contributor, you will drive strategic risk initiatives, proactively identify and solve complex, ambiguous problems, and set a compelling vision for the team and organization. You will be expected to influence outcomes at the highest levels, build strong networks, and champion innovation and best practices in risk management. This role operates within and in support of Meta's unified Security Governance, Risk, and Compliance program. You will align your work with Meta's canonical security framework and three strategic principles: protecting against top security risks, maturing core security capabilities at scale, and enabling the company to move fast securely. This position offers the opportunity to shape Meta's security risk posture, collaborate with leaders across Security, Product, Engineering, and Legal, and deliver meaningful impact on Meta's ability to meet global regulatory requirements and business objectives. You will operate with significant autonomy, regularly leading cross-functional initiatives and driving company-wide impact through thought leadership and strategic execution.

Job Responsibility:

  • Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory
  • Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals
  • Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning
  • Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization
  • Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication
  • Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments
  • Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact
  • Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others
  • Share learnings and best practices with sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on the second-line-of-defense tooling needed within the unified GRC framework

Requirements:

  • Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
  • Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
  • Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
  • Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
  • Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
  • In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
  • Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
  • Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Nice to have:

  • Advanced degree in a relevant field
  • Experience integrating best practices from other GRC domains (Integrity, Privacy)
  • Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies
  • Experience working in a fast-paced tech environment
  • Proven ability to operate hands-on across orgs and functions
  • Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)

What we offer:

  • bonus
  • equity
  • benefits

Additional Information:

Job Posted:
January 23, 2026

Similar Jobs for Director, Security GRC Program Lead

Director, GRC, Privacy, & Trust

1Password
Location: United States; Canada
Salary: 258000.00 - 350000.00 USD / Year
Contract Type: Fulltime
Expiration Date: Until further notice

We’re looking for an experienced security leader to grow and mature the Governan...

Requirements
  • 8+ years leading GRC and privacy programs, including experience with international audits, risk management frameworks, and privacy regulations
  • 5+ years experience managing individual contributors as well as experience managing other managers
  • Proven expertise in policy development, risk assessment, compliance monitoring, and privacy program management
  • Passion for fostering psychological safety and stability in complex compliance environments
  • Hands-on experience with various information security and privacy compliance frameworks such as SOC 2 Type II, ISO 27001, FedRAMP, CMMC, GDPR, and CPRA
  • Experience with security and privacy automation tools for compliance monitoring and knowledge management
  • Experience leading company-wide compliance initiatives, securing buy-in for security and privacy policies, and leading cross-functional programs
  • Experience partnering on customer contracts, including security addendums and compliance terms, balancing customer expectations and business needs
  • Exceptional written and verbal communication skills with the ability to communicate effectively with executives, legal counsel, and stakeholders
  • Experience managing third-party risk, vendor assessments, and external auditors
Job Responsibility
  • Lead and mentor the GRC and Privacy Engineering team, fostering career growth and high performance
  • Drive the organization's risk management strategy and oversee the implementation of risk assessment frameworks
  • Develop and maintain information security and privacy policies, ensuring regular reviews and updates
  • Establish strong partnerships across departments to align on security and compliance initiatives
  • Engage with customers, in partnership with Sales and Legal, to represent security in RFPs, due diligence, and security assessments
  • Oversee 1Password’s various information security and privacy certification processes, ensuring compliance with relevant frameworks and regulations
  • Monitor and report on compliance metrics and program effectiveness
  • Partner with legal and security teams to assess and mitigate business, technical, and regulatory risks
  • Oversee relationships with external auditors and consultants
What we offer
  • Maternity and parental leave top-up programs
  • Generous PTO policy
  • Four company-wide wellness days
  • Company equity for all full-time employees
  • Retirement matching program
  • Free 1Password account
  • Paid volunteer days
  • Employee-led inclusion and belonging programs and ERGs
  • Peer-to-peer recognition through Bonusly

Director - Governance, Risk and Compliance

Clear Street
Location: United States, New York
Salary: 175000.00 - 200000.00 USD / Year
Contract Type: Fulltime
Expiration Date: Until further notice

We are a fast-growing fintech company seeking a proactive and highly organized G...

Requirements
  • 7+ years of experience in GRC, security compliance, risk management, or related functions
  • Strong understanding of common security frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS)
  • Experience managing audits end-to-end
  • Demonstrated ability to build and maintain governance processes and cross-functional compliance programs
  • Excellent documentation, communication, and stakeholder-management skills
  • Experience in technology, fintech, financial services, or other highly regulated industries
Job Responsibility
  • Develop, maintain, and manage the company’s security and compliance policy framework
  • Ensure policies are current, properly communicated, approved, and effectively implemented across the organization
  • Oversee periodic reviews of all internal policies
  • Educate teams on policy requirements and drive adherence
  • Build, implement, and continuously refine the company’s cyber security risk management framework
  • Lead risk identification, assessment, scoring, and periodic re-evaluations
  • Maintain the corporate risk register
  • Manage all internal and external audits including SOC 2, ISO 27001, regulatory exams, and customer due-diligence requests
  • Coordinate and prepare audit evidence
  • Serve as the primary liaison with external auditors, security assessors, and regulatory bodies
What we offer
  • Competitive compensation packages
  • Company equity
  • 401k matching
  • Gender-neutral parental leave
  • Full medical, dental and vision insurance
  • Lunch stipends
  • Fully stocked kitchens
  • Happy hours

Director, Information Security

Bowman
Location: United States, Reston
Salary: Not provided
Contract Type: Fulltime
Expiration Date: Until further notice

The Director of Information Security leads the enterprise security function to p...

Requirements
  • Minimum of fifteen (15) years of progressive IT experience, including at least six (6) years in information security roles
  • Bachelor’s degree in computer science, cybersecurity, or related field required; advanced degree preferred
  • One or more advanced security certifications required (e.g., CISSP, CISM, CISA, CCSP)
  • Proven experience building and leading security teams
  • Strong knowledge of enterprise security architecture, security operations, GRC frameworks, and risk management
  • Experience with Microsoft O365, Azure AD, virtual networks, firewalls, and modern security toolsets
  • Familiarity with frameworks such as NIST CSF, ISO 27001, CIS Controls, CMMC
Job Responsibility
  • Report to the CIO/CISO and contribute to executive-level decision making on security matters
  • Provide strategic leadership over the information security function, including technical operations, GRC, and incident response
  • Supervise a growing team of security professionals, with responsibility for hiring, performance management, training, and development
  • Build and execute a multi-year information security roadmap aligned with business goals and evolving threat landscapes
  • Collaborate with IT, Legal, HR, Marketing, Compliance, Product, and business units to implement practical, risk-based security controls and policies across the enterprise
  • Serve as a subject matter expert on cybersecurity, advising stakeholders across the enterprise
  • Communicate risk posture, security metrics and program maturity to executive leadership and governance bodies
  • Lead the design, implementation, and continuous improvement of secure enterprise architectures, ensuring protection of data, applications, and infrastructure
  • Oversee technical security operations, including endpoint security (EDR/XDR & MDM), vulnerability management, logging and detection (SIEM, SOAR, threat intelligence, UEBA, CSPM/ASM), data protection (DLP, classification, encryption, backup and governance), application and DevSecOps (SAST/DAST, SBOM, secrets, API and container security), and cloud/infrastructure security (CWPP, IaC scanning, and hybrid/cloud hardening)
  • Develop and implement comprehensive GRC programs addressing risk management, compliance standards (e.g., NIST 800-171, CMMC, ISO, CIS), customer requirements, audit readiness, policy management, and vendor risk
What we offer
  • Medical, dental, vision, life, and disability insurance
  • 401(k) retirement savings plan with company match
  • Paid time off, sick leave, and paid holidays
  • Tuition reimbursement and professional development support
  • Discretionary bonuses and other performance-based incentives
  • Employee Assistance Program (EAP), wellness initiatives, and employee discounts

Director, Security & Compliance

Instabase
Location: United States, San Francisco
Salary: Not provided
Contract Type: Fulltime
Expiration Date: Until further notice

As Director, Security & Compliance, you’ll be responsible for building and manag...

Requirements
  • Extensive experience in security compliance, successfully leading compliance projects, risk assessments and audits
  • FedRAMP (NIST 800-53), GDPR, SOC2, HIPAA and ISO 27001 auditing and implementation experience
  • Experience working with Engineering teams within the modern cloud / SaaS technology space
  • Excellent written and verbal communication skills
Job Responsibility
  • Formulate and drive the GRC roadmap, security policies, vendor security reviews and security training
  • Initiate, own and lead new security & compliance programs and audits (GDPR, SOC2, HIPAA and ISO 27001)
  • Establish and continuously improve standards, processes, tooling and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to deliver successful security compliance programs, partnering with Engineering, Product, GTM, Legal and HR teams
  • Work with external auditors to achieve security compliance certifications and reports
  • Regularly report on status, operational metrics and KPIs, providing transparency to company Leadership and internal stakeholder teams
What we offer
  • Flexible PTO
  • Instabreak Fridays: Enjoy 6 company-wide Friday breaks scheduled throughout the year
  • Comprehensive Coverage: Top-notch medical, dental, and vision insurance
  • 401(k) with Matching
  • Parental Leave & Fertility Benefits
  • Therapy Sessions Covered: 10 free sessions through Samata Health
  • Wellness Stipend
  • Lunch on Us: Enjoy a lunch credit when you're in the office

Director of Enterprise Cybersecurity

STR
Location: United States, Woburn
Salary: 214000.00 - 250000.00 USD / Year
Contract Type: Fulltime
Expiration Date: Until further notice

We are seeking a strategic and results-driven Director of Cybersecurity to lead ...

Requirements
  • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (Master’s degree preferred)
  • 10+ years of leadership roles in information security governance, risk management, and compliance, with at least 5 years leading enterprise cybersecurity teams
  • Current CISSP, CISM, or equivalent DoD 8570 certifications
  • Experience with CMMC requirements and auditing
  • Strong technical expertise in implementing security frameworks (e.g., NIST 800-171, CIS, ISO, ITIL) and risk management methodologies
  • Deep knowledge of enterprise IT systems, cloud infrastructure security, and secure network architecture
  • Demonstrated success in building operational cybersecurity teams and fostering a collaborative culture
  • Experience leading security incident response efforts, including hands-on involvement in detection, analysis, containment, and recovery phases
  • Knowledge of emerging trends, technologies, and threats in cybersecurity
  • Must possess an active Secret clearance or ability to obtain a clearance, which requires U.S. Citizenship
Job Responsibility
  • Refine our comprehensive, forward-looking enterprise cybersecurity strategy that aligns with STR’s mission, business goals, and compliance requirements
  • Define and monitor key performance indicators (KPIs) to measure security program effectiveness and ROI
  • Partner with executive leadership to advise on security investments, risk mitigation strategies, and incident response readiness
  • Manage cybersecurity risk as part of the enterprise risk management program, and update and present changes to the risk committee
  • In collaboration with the Director of Enterprise Infrastructure, oversee the implementation and monitoring of technical and operational security controls to protect STR’s assets across on-premises and cloud environments
  • Review enterprise vulnerability management programs, including proactive scanning, risk prioritization, and remediation tracking
  • Working with the Director of Enterprise Infrastructure, oversee the implementation and continuous improvement of security technologies such as firewalls, intrusion detection/prevention systems, endpoint protection, cloud security controls, and data loss prevention solutions
  • Partner with the Director of Enterprise Infrastructure to optimize network and perimeter security strategies, including secure network design and best practices for multi-platform environments (Windows, Linux, Mac, etc.)
  • Ensure company-wide compliance with NIST 800-171, DFARS, CMMC, and other applicable DoD/federal cybersecurity regulations
  • Lead internal and third-party IT audits, including tracking findings, managing resolutions, and driving continuous improvements

Information Security Analyst

PointClickCare
Location: Canada, Mississauga
Salary: 72000.00 - 80000.00 CAD / Year
Contract Type: Fulltime
Expiration Date: Until further notice

The Information Security Analyst will plan and carry out security measures to pr...

Requirements
  • Proven experience with security software such as SIEM, vulnerability scanning, advanced endpoint protection (anti-virus/anti-malware), privileged access management, Data Loss
  • Working technical knowledge of IT environments with a strong understanding of IP, TCP/IP, network administration protocols, access control methods, WAFs, firewalls, and virtualized access control solutions (e.g., Network Security Groups)
  • Understanding/working knowledge of Windows, Active Directory, Group Policy, DNS, and Apple operating systems
  • Extensive working knowledge of information security and vulnerabilities/threats, security best practices, tools, and techniques, including encryption
  • Experience working with Python and PowerShell; experience managing/administering Linux OS variants and scripting in PowerShell, bash/shell, and Python
Job Responsibility
  • Primary point of contact for the daily monitoring, assessment and reporting of security incidents from the SIEM platform
  • Manage processes relating to the installation, maintenance and operation of security infrastructure including SIEM, anti-virus, DLP, PAM, IAM, etc.
  • Perform ad hoc threat risk assessments (TRA) on infrastructure and systems as well as cloud-based solutions, and facilitate remediation tasks with other operational teams
  • Work independently, and with the team, to determine new methods of automating existing workflows (e.g., through the use of AI tools, automation frameworks, and workflow management solutions)
  • Assist with the ongoing Vulnerability Management program by performing routine vulnerability scans and working closely with SaaS Operations and Corporate Technology teams to coordinate remediation of identified findings
  • Assist with the evaluation of security tools and processes in conjunction with the Director, Security Operations
  • Recommend improvements to security tools, configurations, processes and policies
  • Report monthly security KPIs, change requests, incidents and threats/events
  • Provide advice and apply your experience to help tune alerting to reduce false positives
  • Actively assist with the Security Incident Response process and support security investigations by documenting findings and root causes as needed; research and assess new threats and security alerts and determine their relevance to company environments and staff
What we offer
  • Benefits starting from Day 1
  • Retirement Plan Matching
  • Flexible Paid Time Off
  • Wellness Support Programs and Resources
  • Parental & Caregiver Leaves
  • Fertility & Adoption Support
  • Continuous Development Support Program
  • Employee Assistance Program
  • Allyship and Inclusion Communities
  • Employee Recognition

Director, Cyber & InfoSec - Independent Risk Review

Lawrence Harvey
Location: United States, NY/NJ
Salary: 160000.00 - 210000.00 USD / Year
Contract Type: Fulltime
Expiration Date: Until further notice

We're working with a systemically important financial market infrastructure firm...

Requirements
  • 7+ years leading cyber, information security, or data risk governance functions
  • Coming from a background of Second Line of Defense in a heavily regulated environment
  • Proven experience designing and executing independent risk review programs
  • Strong understanding of enterprise and operational risk frameworks
  • Experience operating in highly regulated, global financial environments
  • Comfort engaging directly with senior leadership, audit, and regulators
  • Bachelor’s degree in a technology-related discipline (Master’s preferred)
  • Relevant certifications strongly preferred (CISSP, CISM, CISA, CRISC)
  • Working knowledge of frameworks such as NIST CSF, NIST 800-53, ISO 27001, DAMA-DMBOK, ORX, ISACA
  • Experience with enterprise GRC platforms (e.g., Archer) is a plus
Job Responsibility
  • Drive a strong risk culture focused on accountability, transparency, and credible challenge
  • Define and lead the independent review strategy for cyber and data risk
  • Influence across a complex, matrixed global organization without direct authority
  • Establish priorities for horizontal and thematic risk reviews based on emerging threats, incidents, and regulatory expectations
  • Partner with senior risk leadership to align cyber and data risk oversight with enterprise and operational risk frameworks
  • Lead firm-wide reviews of key information security and data management risks
  • Identify gaps in control design and coverage and recommend risk-reducing enhancements
  • Conduct thematic reviews of operational risk events and remediation initiatives
  • Challenge whether remediation actions are sufficient and sustainable
  • Review and challenge remediation plans for adequacy, feasibility, and regulatory alignment

Project Delivery Officer

Wales & West Housing
Location: United Kingdom, Llanishen, Cardiff
Salary: 40718.00 - 45355.00 GBP / Year
Contract Type: Fulltime
Expiration Date: February 16, 2026

We have an exciting permanent opportunity as a Project Delivery Officer, where y...

Requirements
  • Extensive experience of delivering maintenance projects, ideally in a social housing setting
  • At least an HNC level qualification in an appropriate discipline
  • Strong organisational and analytical skills
  • Ability to successfully manage multiple projects at the same time
  • Experience of procurement
  • Proven track record of partnership working and relationship building with external parties, particularly suppliers
  • Strong negotiation skills
  • Ability to collect, record and monitor data and prepare accurate reports
  • Confident in managing financial aspects of contracts
  • Comfortable working with technical and compliance requirements, including health and safety legislation
Job Responsibility
  • Support the delivery of high-quality maintenance and improvement programmes in homes and communities across south Wales
  • Ensure effective planning, coordination, and delivery of maintenance services across the property portfolio
  • Support contract management and building maintenance project delivery
  • Ensure all activities comply with procurement principles and deliver value for money
  • Support the delivery of the Asset Management Strategy
  • Help make informed investment decisions and carry out detailed asset reviews
  • Share responsibility for managing the financial performance of contracts, including auditing, cost forecasting, and ensuring valuations are accurate
  • Oversee service delivery, working closely with contractors and internal teams to meet customer needs and improve systems
  • Ensure compliance with health and safety legislation and Construction Design Management (CDM) requirements
  • Engage with residents and stakeholders, support the consultation processes and contribute to service improvements
What we offer
  • Choice of Defined Contribution or Defined Benefit pension, both including 3x death in service life insurance cover
  • 25 days annual leave, increasing to 30 days with service
  • Ability to buy and sell up to 5 days annual leave (pro rata)
  • Time off for volunteering, health screening and more
  • 9 Bank Holidays per annum, including an extra day at Christmas
  • Opportunities to develop and grow
  • Regular feedback, training and support from manager and team
  • Comprehensive support in case of sickness with a generous sick pay scheme, critical illness cover and support through an employee assistance and counselling service and a cash plan benefit