Remote Compliance Lead — SOC, ISO27001 & Audits
San Francisco, San Francisco County, California, 94199, USA
Listed on 2026-07-14
-
IT/Tech
Information Security, Cybersecurity
Overview
Figma is growing its team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you’re brainstorming, creating prototypes, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world.
Roleswe hire for on this team
- Compliance Management Lead compliance and certification programs across security and regulatory frameworks, manage audit cycles, partner with external assessors, drive audit readiness initiatives, and improve controls, processes, and evidence management practices across the organization.
- Security Risk Management build and maintain risk and controls frameworks that support Figma’s security posture, assess, prioritize, and communicate security risks across the business, and develop third‑party risk management strategies and enterprise risk reporting programs.
- Policy & Governance manage the lifecycle of organizational security policies, standards, and procedures, drive policy awareness and stakeholder engagement across the company, and ensure governance practices align with regulatory requirements and business objectives.
- GRC Platforms & Enablement select, implement, and optimize GRC platforms and supporting workflows, scale evidence collection, reporting, and program management capabilities, and identify opportunities to automate and streamline GRC operations.
- Customer Trust support customer trust and business enablement activities across the sales lifecycle, manage security knowledge bases, customer‑facing documentation, and trust publications, and respond to customer security inquiries, audits, and questionnaires.
This is a full‑time role that can be held from one of our US hubs or remotely in the United States.
Responsibilities- Lead compliance programs across frameworks such as SOC2, ISO
27001, FedRAMP, SOXITGC, GDPR, and NIS
2. - Manage external audits and certification activities while partnering with auditors and assessors.
- Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications.
- Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders.
- Improve control effectiveness and operational efficiency through rationalization and process optimization.
- Implement and optimize GRC platforms that scale evidence collection and program management.
- Maintain security policies and governance processes that align with organizational risk objectives.
- Support customer trust initiatives, including security questionnaires, audits, and customer‑facing security communications.
- 4+ years of experience in information security, compliance, risk management, or a related field.
- Hands‑on experience supporting security and compliance frameworks such as SOC2, ISO
27001, FedRAMP, PCI‑DSS, or SOXITGC. - Experience leading or supporting audits and partnering with external assessors.
- Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross‑functional initiatives.
- Exceptional written and verbal communication skills across technical, business, and executive audiences.
- Demonstrated ability to improve processes, manage competing priorities, and build strong cross‑functional partnerships.
- Operated in a public company environment with SOXITGC requirements.
- Supported FedRAMP authorization, SSP development, 3
PAO coordination, or continuous monitoring activities. - Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC.
- Implemented or administered GRC platforms such as Vanta, Drata, or similar tools.
- Scaled security, compliance, or risk programs in a high‑growth environment.
Annual Base Salary Range: $153,000 — $296,000
USD (for roles in the San Francisco or New York hubs). For remote positions, the pay range is localized by a factor of between 80% and 100% of the range.
Figma offers equity, a competitive package of benefits, and additional compensation. Benefits include health, dental & vision insurance,…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).