Director, Security GRC Program Lead

Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory.

Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals.

Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1

LoD, 2

LoD, 3

LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning.

Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization.

Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication.

Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments.

Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact.

Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others.

Integrate learnings and best practices from/to sister 2

LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework.

Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight

Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners

Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions

Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details

Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion

In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)

Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company

Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Advanced degree in a relevant field

Experience integrating best practices from other GRC domains (Integrity, Privacy)

Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies

Experience working in a fast-paced tech environment

Proven ability to operate hands-on across orgs and functions

Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)