Security Compliance Lead (GRC)
About The Position
Faire is an online wholesale marketplace built on the belief that the future is local — independent retailers around the globe are doing more revenue than Walmart and Amazon combined, but individually, they are small compared to these massive entities. At Faire, we're using the power of tech, data, and machine learning to connect this thriving community of entrepreneurs across the globe. Picture your favorite boutique in town — we help them discover the best products from around the world to sell in their stores. With the right tools and insights, we believe that we can level the playing field so that small businesses everywhere can compete with these big box and e-commerce giants. By supporting the growth of independent businesses, Faire is driving positive economic impact in local communities, globally. We're looking for smart, resourceful and passionate people to join us as we power the shop local movement. If you believe in community, come join ours. About the role As Faire's inaugural GRC Lead, you will be responsible for designing, implementing, and scaling our governance, risk, and compliance program from the ground up. This role blends strategic planning with hands-on execution to establish the frameworks, processes, and controls that strengthen our security, privacy, and compliance posture. You will work closely with teams across engineering, IT, legal, and finance to integrate risk management into everyday operations, ensure alignment with regulatory and industry standards, and support Faire's evolving business and product needs. In addition to building the core GRC program, you will lead our preparation for SOX ITGC readiness by collaborating with internal partners and external auditors to define scope, document controls, and enhance our audit processes. This role is ideal for someone who enjoys building programs from the ground up, can navigate both technical and compliance challenges, and is eager to shape how Faire manages risk at scale.
Requirements
- 8+ years in the Security & IT Governance, Risk, and Compliance space
- Big 4 experience with security risk and compliance audits, or equivalent experience leading security compliance teams in financial services, technology firms, or other regulated industries.
- Hungry to expand outside typical GRC scope, assisting with SOX ITGCs.
- Experience in building policies and processes, and completing audits within following frameworks: ISO 27001, SOC2 Type II
- Proficiency with GRC tools and technologies used to manage risk and compliance programs
- Ability to collaborate cross-functionally, including engineering, sales, legal, finance, and other teams.
- Strong oral and written communication skills.
- Strong analytical and result-driven mindset.
Responsibilities
- Formulate and drive GRC roadmap, policies, vendor security reviews, and employee awareness training.
- Unique opportunity to expand into the SOX program
- Develop and maintain a robust governance framework to support Faire's strategic objectives and ensure alignment with industry best practices.
- Ensure adherence to applicable laws, regulations, and standards (e.g. CCPA / GDPR).
- Develop and deliver GRC training programs for employees to promote a culture of accountability and awareness.
- Partner with external auditors to achieve security compliance certifications and reports.
- Regularly report on status, operational metrics and KPI's, providing transparency to company leadership and internal stakeholder teams.
- Drive compliance certifications including ISO 27001, CCPA, GDPR, and SOC2 Type II.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
