"Alerted.org

Summary:

Meta is seeking a highly skilled Security GRC Program Manager to join our Risk Organization's Governance, Risk, and Compliance (GRC) pillar. This role is pivotal in providing second-line oversight of Meta's security risk management and compliance across multiple business units, regulatory entities, and governance forums. As a senior individual contributor, you will drive strategic risk initiatives, proactively identify and solve complex, ambiguous problems, and set a compelling vision for the team and organization. You will be expected to influence outcomes at the highest levels, build strong networks, and champion innovation and best practices in risk management.This role operates within and in support of Meta's unified Security Governance, Risk, and Compliance program. You will align your work with Meta's canonical security framework and three strategic principles: protecting against top security risks, maturing core security capabilities at scale, and enabling the company to move fast securely.This position offers the opportunity to shape Meta's security risk posture, collaborate with leaders across Security, Product, Engineering, and Legal, and deliver meaningful impact on Meta's ability to meet global regulatory requirements and business objectives. You will operate with significant autonomy, regularly leading cross-functional initiatives and driving company-wide impact through thought leadership and strategic execution.

Required Skills:

Director, Security GRC Program Lead Responsibilities:

1. Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory.

2. Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals.

3. Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning.

4. Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization.

5. Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication.

6. Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments.

7. Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact.

8. Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others.

9. Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework.

Minimum Qualifications:

Minimum Qualifications:

10. Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight

11. Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners

12. Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions

13. Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details

14. Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion

15. In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)

16. Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company

17. Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Preferred Qualifications:

Preferred Qualifications:

18. Advanced degree in a relevant field

19. Experience integrating best practices from other GRC domains (Integrity, Privacy)

20. Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies

21. Experience working in a fast-paced tech environment

22. Proven ability to operate hands-on across orgs and functions

23. Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)

Public Compensation:

$222,000/year to $287,000/year + bonus + equity + benefits

**Industry:** Internet

Equal Opportunity:

Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment.

Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at [email protected].