Director, Security GRC Program Lead jobs in United States

Meta · 22 hours ago

Director, Security GRC Program Lead

Meta is seeking a highly skilled Security GRC Program Manager to join their Risk Organization's Governance, Risk, and Compliance (GRC) pillar. This role is pivotal in providing second-line oversight of Meta's security risk management and compliance across multiple business units, regulatory entities, and governance forums, while driving strategic risk initiatives and influencing outcomes at the highest levels.

Computer Software
Comp. & Benefits

Responsibilities

Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory
Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals
Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning
Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization
Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication
Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments
Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact
Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others
Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework

Qualification

Security risk management
Governance
Risk
Compliance (GRC)
Global regulatory requirements
Technical expertise in security
Risk-based prioritization
Influencing outcomes
Leadership
Collaboration
Mentoring
Communication

Required

Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Preferred

Advanced degree in a relevant field
Experience integrating best practices from other GRC domains (Integrity, Privacy)
Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies
Experience working in a fast-paced tech environment
Proven ability to operate hands-on across orgs and functions
Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)

Benefits

Bonus
Equity
Benefits

Company

Meta's mission is to build the future of human connection and the technology that makes it possible.

Funding

Current Stage
Late Stage

Leadership Team

Kathryn Glickman
Director, CEO Communications
Christine Lu
CTO Business Engineering NA
Company data provided by crunchbase