Director - Governance, Risk and Compliance
About The Position
We are a fast-growing fintech company seeking a proactive and highly organized Governance, Risk, and Compliance (GRC) Manager to join our Security & Compliance team. This individual will play a key role in establishing, maturing, and maintaining our governance and risk management frameworks, ensuring ongoing compliance with regulatory, customer, and industry requirements. The ideal candidate is hands-on, detail-oriented, capable of owning cross-functional initiatives, and comfortable operating in a dynamic startup environment.
Requirements
- 7+ years of experience in GRC, security compliance, risk management, or related functions.
- Strong understanding of common security frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS).
- Experience managing audits end-to-end.
- Demonstrated ability to build and maintain governance processes and cross-functional compliance programs.
- Excellent documentation, communication, and stakeholder-management skills.
- Experience in technology, fintech, financial services, or other highly regulated industries.
Nice To Haves
- Experience working in a startup or high-growth environment.
- Familiarity with GRC platforms (e.g., Vanta, Drata, Tugboat, ServiceNow GRC).
- Understanding of relevant regulatory requirements (e.g., GLBA, SOX, GDPR, PSD2, NYDFS 500).
Responsibilities
- Develop, maintain, and manage the company's security and compliance policy framework.
- Ensure policies are current, properly communicated, approved, and effectively implemented across the organization.
- Oversee periodic reviews of all internal policies to ensure alignment with regulatory changes, industry best practices, and contractual obligations.
- Educate teams on policy requirements and drive adherence across the organization.
- Build, implement, and continuously refine the company's cyber security risk management framework.
- Lead risk identification, assessment, scoring, and periodic re-evaluations for technical and non-technical risks.
- Maintain the corporate risk register.
- Manage all internal and external audits including SOC 2, ISO 27001, regulatory exams, and customer due-diligence requests.
- Coordinate and prepare audit evidence, ensuring controls are well-designed and operating effectively.
- Serve as the primary liaison with external auditors, security assessors, and regulatory bodies.
- Track audit findings, remediation tasks, and ensure timely closure of identified gaps.
- Oversee internal compliance testing and continuous monitoring activities.
- Maintain and improve the company's control inventory aligned with frameworks such as SOC 2, ISO 27001, NIST, PCI, GDPR, etc.
- Partner with engineering, IT, product, and business teams to ensure controls are implemented and validated.
- Drive improvements to operational processes to strengthen our compliance posture.
Benefits
- competitive compensation packages
- company equity
- 401k matching
- gender-neutral parental leave
- full medical, dental and vision insurance
- lunch stipends
- fully stocked kitchens
- happy hours
- a great location
- amazing views
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Industry
Securities, Commodity Contracts, and Other Financial Investments and Related Activities
Education Level
No Education Listed
Number of Employees
501-1,000 employees
