Security Compliance Lead (GRC)

Faire, San Francisco, CA
Posted 45d ago. $178,000 - $245,000. Hybrid.

About The Position

As Faire’s inaugural GRC Lead, you will be responsible for designing, implementing, and scaling our governance, risk, and compliance program from the ground up. This role blends strategic planning with hands-on execution to establish the frameworks, processes, and controls that strengthen our security, privacy, and compliance posture. You will work closely with teams across engineering, IT, legal, and finance to integrate risk management into everyday operations, ensure alignment with regulatory and industry standards, and support Faire’s evolving business and product needs. In addition to building the core GRC program, you will lead our preparation for SOX ITGC readiness by collaborating with internal partners and external auditors to define scope, document controls, and enhance our audit processes. This role is ideal for someone who enjoys building programs from scratch, can navigate both technical and compliance challenges, and is eager to shape how Faire manages risk at scale.

Requirements

  • 8+ years in the Security & IT Governance, Risk, and Compliance space
  • Big 4 experience with security risk and compliance audits, or equivalent experience leading security compliance teams in financial services, technology firms, or other regulated industries.
  • Hungry to expand outside typical GRC scope, assisting with SOX ITGCs.
  • Experience building policies and processes, and completing audits against the following frameworks: ISO 27001, SOC 2 Type II
  • Proficiency with GRC tools and technologies used to manage risk and compliance programs
  • Ability to collaborate cross-functionally, including engineering, sales, legal, finance, and other teams.
  • Strong oral and written communication skills.
  • Strong analytical and result-driven mindset.

Responsibilities

  • Formulate and drive GRC roadmap, policies, vendor security reviews, and employee awareness training.
  • Expand beyond the core GRC scope into the SOX ITGC program.
  • Develop and maintain a robust governance framework to support Faire’s strategic objectives and ensure alignment with industry best practices.
  • Ensure adherence to applicable laws, regulations, and standards (e.g. CCPA / GDPR).
  • Develop and deliver GRC training programs for employees to promote a culture of accountability and awareness.
  • Partner with external auditors to achieve security compliance certifications and reports.
  • Regularly report on status, operational metrics, and KPIs, providing transparency to company leadership and internal stakeholder teams.
  • Drive security certifications and attestations (ISO 27001, SOC 2 Type II) and ongoing regulatory compliance (CCPA, GDPR).

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

1,001-5,000 employees

© 2024 Teal Labs, Inc