Governance Risk and Compliance
About The Position
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us! Figma's GRC team helps build and maintain trust with our users, regulators, business partners, and the organizations that rely on Figma every day. We partner across the company to strengthen security, manage risk, maintain compliance, and scale the programs that support our continued growth. We're growing our team and looking for security, risk, and compliance professionals across several disciplines. Whether your expertise is in compliance, risk management, governance, GRC tooling, or customer trust, you'll have the opportunity to build programs, improve processes, and help shape how Figma scales security and trust.
Requirements
- 4+ years of experience in information security, compliance, risk management, or a related field
- Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
- Experience leading or supporting audits and partnering with external assessors
- Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
- Exceptional written and verbal communication skills across technical, business, and executive audiences
- Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships
Nice To Haves
- Operated in a public company environment with SOX ITGC requirements
- Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
- Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
- Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
- Scaled security, compliance, or risk programs in a high-growth environment
Responsibilities
- Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
- Manage external audits and certification activities while partnering with auditors and assessors
- Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
- Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
- Improve control effectiveness and operational efficiency through rationalization and process optimization
- Implement and optimize GRC platforms that scale evidence collection and program management
- Maintain security policies and governance processes that align with organizational risk objectives
- Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications
Benefits
- health, dental & vision
- retirement with company contribution
- parental leave & reproductive or family planning support
- mental health & wellness benefits
- generous PTO
- company recharge days
- a learning & development stipend
- a work from home stipend
- cell phone reimbursement
- sales incentive pay for most sales roles
- an annual bonus plan for eligible non-sales roles
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
