Director, Security GRC Program Lead

Meta

Location:
United States, Bellevue

Contract Type:
Not provided

Salary:

227000.00 - 287000.00 USD / Year

Job Description:

Meta is seeking a highly skilled Security GRC Program Manager to join our Risk Organization's Governance, Risk, and Compliance (GRC) pillar. This role is pivotal in providing second-line oversight of Meta's security risk management and compliance across multiple business units, regulatory entities, and governance forums. As a senior individual contributor, you will drive strategic risk initiatives, proactively identify and solve complex, ambiguous problems, and set a compelling vision for the team and organization. You will be expected to influence outcomes at the highest levels, build strong networks, and champion innovation and best practices in risk management. This role operates within and in support of Meta's unified Security Governance, Risk, and Compliance program. You will align your work with Meta's canonical security framework and three strategic principles: protecting against top security risks, maturing core security capabilities at scale, and enabling the company to move fast securely. This position offers the opportunity to shape Meta's security risk posture, collaborate with leaders across Security, Product, Engineering, and Legal, and deliver meaningful impact on Meta's ability to meet global regulatory requirements and business objectives. You will operate with significant autonomy, regularly leading cross-functional initiatives and driving company-wide impact through thought leadership and strategic execution.

Job Responsibility:

  • Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory
  • Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals
  • Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning
  • Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization
  • Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication
  • Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments
  • Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact
  • Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others
  • Exchange learnings and best practices with sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework

Requirements:

  • Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
  • Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
  • Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
  • Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
  • Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
  • In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
  • Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
  • Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Nice to have:

  • Advanced degree in a relevant field
  • Experience integrating best practices from other GRC domains (Integrity, Privacy)
  • Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies
  • Experience working in a fast-paced tech environment
  • Proven ability to operate hands-on across orgs and functions
  • Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)

What we offer:
  • bonus
  • equity
  • benefits

Additional Information:

Job Posted:
January 23, 2026

Similar Jobs for Director, Security GRC Program Lead

Director, GRC, Privacy, & Trust

We’re looking for an experienced security leader to grow and mature the Governan...
Location:
United States; Canada
Salary:
258000.00 - 350000.00 USD / Year
1Password
Expiration Date
Until further notice
Requirements:
  • 8+ years leading GRC and privacy programs, including experience with international audits, risk management frameworks, and privacy regulations
  • 5+ years experience managing individual contributors as well as experience managing other managers
  • Proven expertise in policy development, risk assessment, compliance monitoring, and privacy program management
  • Passion for fostering psychological safety and stability in complex compliance environments
  • Hands-on experience with various information security and privacy compliance frameworks such as SOC 2 Type II, ISO 27001, FedRAMP, CMMC, GDPR, and CPRA
  • Experience with security and privacy automation tools for compliance monitoring and knowledge management
  • Experience leading company-wide compliance initiatives, securing buy-in for security and privacy policies, and leading cross functional programs
  • Experience partnering on customer contracts, including security addendums and compliance terms, balancing customer expectations and business needs
  • Exceptional written and verbal communication skills with ability to communicate effectively with executives, legal counsel, and stakeholders
  • Experience managing third-party risk, vendor assessments, and external auditors
Job Responsibility:
  • Lead and mentor the GRC and Privacy Engineering team, fostering career growth and high performance
  • Drive the organization's risk management strategy and oversee the implementation of risk assessment frameworks
  • Develop and maintain information security and privacy policies, ensuring regular reviews and updates
  • Establish strong partnerships across departments to align on security and compliance initiatives
  • Engage with customers, in partnership with Sales and Legal, to represent security in RFPs, due diligence, and security assessments
  • Oversee 1Password’s various information security and privacy certification processes, ensuring compliance with relevant frameworks and regulations
  • Monitor and report on compliance metrics and program effectiveness
  • Partner with legal and security teams to assess and mitigate business, technical, and regulatory risks
  • Oversee relationships with external auditors and consultants
What we offer:
  • Maternity and parental leave top-up programs
  • Generous PTO policy
  • Four company-wide wellness days
  • Company equity for all full-time employees
  • Retirement matching program
  • Free 1Password account
  • Paid volunteer days
  • Employee-led inclusion and belonging programs and ERGs
  • Peer-to-peer recognition through Bonusly

Contract Type:
Full-time

Director - Governance, Risk and Compliance

We are a fast-growing fintech company seeking a proactive and highly organized G...
Location:
United States, New York
Salary:
175000.00 - 200000.00 USD / Year
Clear Street
Expiration Date
Until further notice
Requirements:
  • 7+ years of experience in GRC, security compliance, risk management, or related functions
  • Strong understanding of common security frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS)
  • Experience managing audits end-to-end
  • Demonstrated ability to build and maintain governance processes and cross-functional compliance programs
  • Excellent documentation, communication, and stakeholder-management skills
  • Experience in technology, fintech, financial services, or other highly regulated industries
Job Responsibility:
  • Develop, maintain, and manage the company’s security and compliance policy framework
  • Ensure policies are current, properly communicated, approved, and effectively implemented across the organization
  • Oversee periodic reviews of all internal policies
  • Educate teams on policy requirements and drive adherence
  • Build, implement, and continuously refine the company’s cyber security risk management framework
  • Lead risk identification, assessment, scoring, and periodic re-evaluations
  • Maintain the corporate risk register
  • Manage all internal and external audits including SOC 2, ISO 27001, regulatory exams, and customer due-diligence requests
  • Coordinate and prepare audit evidence
  • Serve as the primary liaison with external auditors, security assessors, and regulatory bodies
What we offer:
  • Competitive compensation packages
  • Company equity
  • 401k matching
  • Gender-neutral parental leave
  • Full medical, dental and vision insurance
  • Lunch stipends
  • Fully stocked kitchens
  • Happy hours

Contract Type:
Full-time

Director, Information Security

The Director of Information Security leads the enterprise security function to p...
Location:
United States, Reston
Salary:
Not provided
Bowman
Expiration Date
Until further notice
Requirements:
  • Minimum of fifteen (15) years of progressive IT experience, including at least six (6) years in information security roles
  • Bachelor’s degree in computer science, cybersecurity, or related field required; advanced degree preferred
  • One or more advanced security certifications required (e.g., CISSP, CISM, CISA, CCSP)
  • Proven experience building and leading security teams
  • Strong knowledge of enterprise security architecture, security operations, GRC frameworks, and risk management
  • Experience with Microsoft O365, Azure AD, virtual networks, firewalls, and modern security toolsets
  • Familiarity with frameworks such as NIST CSF, ISO 27001, CIS Controls, CMMC
Job Responsibility:
  • Report to the CIO/CISO and contribute to executive-level decision making on security matters
  • Provide strategic leadership over the information security function, including technical operations, GRC, and incident response
  • Supervise a growing team of security professionals, with responsibility for hiring, performance management, training, and development
  • Build and execute a multi-year information security roadmap aligned with business goals and evolving threat landscapes
  • Collaborate with IT, Legal, HR, Marketing, Compliance, Product, and business units to implement practical, risk-based security controls and policies across the enterprise
  • Serve as a subject matter expert on cybersecurity, advising stakeholders across the enterprise
  • Communicate risk posture, security metrics and program maturity to executive leadership and governance bodies
  • Lead the design, implementation, and continuous improvement of secure enterprise architectures, ensuring protection of data, applications, and infrastructure
  • Oversee technical security operations, including endpoint security (EDR/XDR & MDM), vulnerability management, logging and detection (SIEM, SOAR, threat intelligence, UEBA, CSPM/ASM), data protection (DLP, classification, encryption, backup and governance), application and DevSecOps (SAST/DAST, SBOM, secrets, API and container security), and cloud/infrastructure security (CWPP, IaC scanning, and hybrid/cloud hardening)
  • Develop and implement comprehensive GRC programs addressing risk management, compliance standards (e.g., NIST 800-171, CMMC, ISO, CIS), customer requirements, audit readiness, policy management, and vendor risk
What we offer:
  • Medical, dental, vision, life, and disability insurance
  • 401(k) retirement savings plan with company match
  • Paid time off, sick leave, and paid holidays
  • Tuition reimbursement and professional development support
  • Discretionary bonuses and other performance-based incentives
  • Employee Assistance Program (EAP), wellness initiatives, and employee discounts

Contract Type:
Full-time

Director, Security & Compliance

As Director, Security & Compliance, you’ll be responsible for building and manag...
Location:
United States, San Francisco
Salary:
Not provided
Instabase
Expiration Date
Until further notice
Requirements:
  • Extensive experience in security compliance, successfully leading compliance projects, risk assessments and audits
  • FedRAMP (NIST 800-53), GDPR, SOC2, HIPAA and ISO 27001 auditing and implementation experience
  • Experience working with Engineering teams within the modern cloud / SaaS technology space
  • Excellent written and verbal communication skills
Job Responsibility:
  • Formulate and drive GRC roadmap, security policies, vendor security reviews and security training
  • Initiate, own and lead new security & compliance programs and audits (GDPR, SOC2, HIPAA and ISO 27001)
  • Establish and continuously improve standards, processes, tooling and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to deliver successful security compliance programs, partnering with Engineering, Product, GTM, Legal and HR teams
  • Work with external auditors to achieve security compliance certifications and reports
  • Regularly report on status, operational metrics and KPIs, providing transparency to company leadership and internal stakeholder teams
What we offer:
  • Flexible PTO
  • Instabreak Fridays: Enjoy 6 company-wide Friday breaks scheduled throughout the year
  • Comprehensive Coverage: Top-notch medical, dental, and vision insurance
  • 401(k) with Matching
  • Parental Leave & Fertility Benefits
  • Therapy Sessions Covered: 10 free sessions through Samata Health
  • Wellness Stipend
  • Lunch on Us: Enjoy a lunch credit when you're in the office

Contract Type:
Full-time

Program Manager, Program Governance

This role will be responsible for program management within the Governance pilla...
Location:
United States, Menlo Park
Salary:
122000.00 - 180000.00 USD / Year
Meta
Expiration Date
Until further notice
Requirements:
  • 5+ years of work experience in risk and compliance, legal, consulting, business operations or other operational disciplines
  • 4+ years of experience working in regulatory domains like privacy, integrity or security OR in a role associated with data protection, regulatory response, audit and implementation of control frameworks
  • 3+ years of work experience in program or project management
  • Bachelor's Degree in a related field or equivalent experience
Job Responsibility:
  • Design and operate governance and reporting requirements for Meta’s Privacy Program, and Security GRC Programs
  • Facilitate governance forums designed to oversee and drive strategic decision making for Privacy and Security GRC programs
  • Recommend and draft Privacy program oversight and adjustment reporting for external assessment under Meta’s FTC Consent Order, including leadership socialization of recommendations and 2nd line of defense reviews
  • Work with legal, privacy and product leadership teams (including Meta executives) to ensure that cross-company work on regulatory priorities is planned, implemented and executed efficiently and effectively
  • Prepare communication materials and progress tracking for multiple audiences including supporting material for Meta executives and its Board of Directors
  • Lead strategic conversations with external auditors and internal leadership team
  • Advise on industry standards related to external assessments and audits
  • Create mechanisms for identifying and monitoring updates, milestones and roadblocks on privacy work and ensuring leadership is aware of status and progress
  • Drive greater consistency of Governance process, practices, and execution across company-wide privacy, security, integrity and AI workstreams
  • Champion the overall implementation plan related to Meta’s FTC Consent order (and similar Privacy directives, both current and future) including understanding order requirements and associated technical and operational work required across the company to comply successfully
What we offer:
  • bonus
  • equity
  • benefits

Director, GRC

Founded in 2018 with co-headquarters in Dublin and Boston, Tines powers some of ...
Location:
United States
Salary:
250000.00 - 265000.00 USD / Year
Tines
Expiration Date
Until further notice
Requirements:
  • 12+ years of progressive experience in GRC, information security, or risk management
  • At least 5 years in a leadership role
  • Proven track record leading FedRAMP authorization efforts from planning through ATO
  • Deep expertise in multiple compliance frameworks: SOC 2, ISO 27001, FedRAMP, NIST 800-53
  • Experience building and scaling GRC teams and programs in high-growth SaaS or technology companies
  • Strong executive presence with the ability to influence C-suite and Board-level stakeholders
  • Demonstrated success managing complex, multi-workstream compliance programs with competing priorities
  • Exceptional communication skills with the ability to translate technical compliance requirements into business value
  • Strategic mindset with hands-on execution capability
  • Experience partnering with Sales, Engineering, Product, and Legal teams to operationalize compliance
Job Responsibility:
  • Define and execute Tines' multi-year GRC strategy aligned with business objectives
  • Own the compliance roadmap, prioritizing certifications and frameworks based on customer needs and revenue impact
  • Serve as executive sponsor for all compliance programs, providing visibility and reporting to C-suite and Board of Directors
  • Build business cases for compliance investments, demonstrating ROI and competitive advantage
  • Monitor evolving compliance landscape, anticipating regulatory changes
  • Lead, mentor, and grow a team of GRC professionals
  • Scale the team strategically as Tines grows
  • Foster cross-functional collaboration with Engineering, Product, Sales, Legal, IT, Security, and HR teams
  • Drive Tines' FedRAMP authorization to successful completion
  • Establish ongoing FedRAMP continuous monitoring and reauthorization processes
What we offer:
  • Competitive salary
  • Startup equity & extended exercise window
  • Matching retirement plans
  • Home office setup
  • Private healthcare plans
  • 25 days annual leave
  • Extra company holidays
  • Generous parental leave programs
  • Flexibility in how and where you work
  • Phone and home Internet allowance

Contract Type:
Full-time

Director of Enterprise Cybersecurity

We are seeking a strategic and results-driven Director of Cybersecurity to lead ...
Location:
United States, Woburn
Salary:
214000.00 - 250000.00 USD / Year
STR
Expiration Date
Until further notice
Requirements:
  • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (Master’s degree preferred)
  • 10+ years of leadership roles in information security governance, risk management, and compliance, with at least 5 years leading enterprise cybersecurity teams
  • Current CISSP, CISM, or equivalent DoD 8570 certifications
  • Experience with CMMC requirements and auditing
  • Strong technical expertise in implementing security frameworks (e.g., NIST 800-171, CIS, ISO, ITIL) and risk management methodologies
  • Deep knowledge of enterprise IT systems, cloud infrastructure security, and secure network architecture
  • Demonstrated success in building operational cybersecurity teams and fostering a collaborative culture
  • Experience leading security incident response efforts, including hands-on involvement in detection, analysis, containment, and recovery phases
  • Knowledge of emerging trends, technologies, and threats in cybersecurity
  • Must possess an active Secret clearance or ability to obtain a clearance, which requires U.S. Citizenship
Job Responsibility:
  • Refine our comprehensive, forward-looking enterprise cybersecurity strategy that aligns with STR’s mission, business goals, and compliance requirements
  • Define and monitor key performance indicators (KPIs) to measure security program effectiveness and ROI
  • Partner with executive leadership to advise on security investments, risk mitigation strategies, and incident response readiness
  • Manage cybersecurity risk as part of the enterprise risk management program, and update and present changes to the risk committee
  • In collaboration with the Director of Enterprise Infrastructure, oversee the implementation and monitoring of technical and operational security controls to protect STR’s assets across on-premises and cloud environments
  • Review enterprise vulnerability management programs, including proactive scanning, risk prioritization, and remediation tracking
  • Working with the Director of Enterprise Infrastructure, oversee the implementation and continuous improvement of security technologies such as firewalls, intrusion detection/prevention systems, endpoint protection, cloud security controls, and data loss prevention solutions
  • Partner with the Director of Enterprise Infrastructure to optimize network and perimeter security strategies, including secure network design and best practices for multi-platform environments (Windows, Linux, Mac, etc.)
  • Ensure company-wide compliance with NIST 800-171, DFARS, CMMC, and other applicable DoD/federal cybersecurity regulations
  • Lead internal and third-party IT audits, including tracking findings, managing resolutions, and driving continuous improvements

Contract Type:
Full-time

Information Security Analyst

The Information Security Analyst will plan and carry out security measures to pr...
Location:
Canada, Mississauga
Salary:
72000.00 - 80000.00 CAD / Year
PointClickCare
Expiration Date
Until further notice
Requirements:
  • Proven experience with security software, such as: SIEM, Vulnerability Scanning, Advanced Endpoint Protection (Anti-virus/Anti-Malware), Privileged Access Management, Data Loss
  • Working technical knowledge of IT technical environments with a strong understanding of IP, TCP/IP, network administration protocols, Access Control methods, WAFs, Firewalls, and virtualized access control solutions (e.g., Network Security Groups)
  • Understanding/working knowledge of Windows, Active Directory, Group Policy, DNS, and Apple operating systems
  • Extensive working knowledge of information security and vulnerabilities/threats, security best practices, tools, and techniques, including encryption
  • Experience working with Python and PowerShell
  • Experience in managing/administering Linux OS variants, PowerShell, bash/shell scripting, and Python
Job Responsibility:
  • Primary point of contact for the daily monitoring, assessing and reporting of security incidents from the SIEM platform
  • Manage processes relating to the installation, maintenance and operation of security infrastructure including SIEM, anti-virus, DLP, PAM, IAM, etc
  • Perform ad hoc threat risk assessment (TRA) on infrastructure and systems as well as cloud-based solutions and facilitate remediation tasks with other operational teams
  • Work independently, and with the team, to determine new methods of automating existing workflows (e.g., through the use of AI tools, automation frameworks, and workflow management solutions)
  • Assist with the ongoing Vulnerability Management program by performing routine vulnerability scans and working closely with SaaS Operations and Corporate Technology teams to coordinate remediation of identified findings
  • Assist with the evaluation of security tools and processes in conjunction with Director, Security Operations
  • Recommend improvements to security tools, configurations, processes and policies
  • Report monthly security KPIs, change requests, incidents and threats/events
  • Provide advice and apply your experience to help tune alerting to reduce false positives
  • Actively assist with the Security Incident Response process and support security investigations by documenting findings and root causes as needed; research and assess new threats and security alerts and determine their relevance to company environments and staff
What we offer:
  • Benefits starting from Day 1
  • Retirement Plan Matching
  • Flexible Paid Time Off
  • Wellness Support Programs and Resources
  • Parental & Caregiver Leaves
  • Fertility & Adoption Support
  • Continuous Development Support Program
  • Employee Assistance Program
  • Allyship and Inclusion Communities
  • Employee Recognition

Contract Type:
Full-time