Responsibilities
- Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory.
- Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals.
- Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning.
- Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization.
- Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication.
- Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments.
- Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact.
- Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others.
- Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework.
Minimum Qualifications
- Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
- Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
- Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
- Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
- Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
- In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
- Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
- Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains
Preferred Qualifications
- Advanced degree in a relevant field
- Experience integrating best practices from other GRC domains (Integrity, Privacy)
- Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies
- Experience working in a fast-paced tech environment
- Proven ability to operate hands-on across orgs and functions
- Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)
$227,000/year to $287,000/year + bonus + equity + benefits
Learn more about this Employer on their Career Site
