Security GRC Program Lead

About The Position

Requirements

• Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
• Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
• Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
• Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
• Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
• In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
• Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
• Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Nice To Haves

• Advanced degree in a relevant field
• Experience integrating best practices from other GRC domains (Integrity, Privacy)
• Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies
• Experience working in a fast-paced tech environment
• Proven ability to operate hands-on across orgs and functions
• Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)

Responsibilities

• Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory.
• Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals.
• Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning.
• Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization.
• Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication.
• Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments.
• Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact.
• Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others.
• Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework.