Director, GRC & Privacy Security
Polymarket · New York, United States · 3 wk ago
HybridInformation Technology$21/hrFull-time
About the role
The Director of GRC & Privacy will build and lead the governance, risk, and compliance function within Polymarket's security organization. This role will establish the GRC program from scratch, manage compliance programs for SOC 2 Type II and PCI-DSS, oversee the data privacy program, and ensure privacy-by-design is embedded in product development.
Responsibilities
- Build and own the enterprise security risk management program
- Establish and maintain the security control framework
- Lead the company's security committee and governance forums
- Own the end-to-end compliance program for SOC 2 Type II and PCI-DSS
- Manage relationships with external auditors, certification bodies, and regulators
- Own the third-party risk management program
- Ensure privacy-by-design is embedded in the product development process
- Manage data subject rights obligations and privacy incident response
Requirements
- 8+ years of experience in GRC, information security compliance, or a related field, with 3+ years in a management or program leadership role
- Strong working knowledge of PCI-DSS v4.0 and experience implementing or managing PCI compliance programs
- Demonstrated experience managing compliance across multiple legal entities or subsidiaries
- Experience building or significantly maturing a GRC program
- Professional certifications: CISM, CRISC, CISSP, CIPP/E, CIPP/US, or equivalent
- Exposure to ISO 27001, CIS, or NIST CSF as additional compliance frameworks
- Experience with GRC platforms (Vanta, Drata, Tugboat Logic, ServiceNow GRC, or equivalent)
- Familiarity with AWS cloud environments and how cloud-native architectures affect control design and evidence collection
Qualifications
- Experience in fintech, payments, cryptocurrency, or financial services
- Prior experience standing up a GRC function in a high-growth, previously unstructured environment
Skills
- Deep, hands-on experience with SOC 2 Type II
- Strong communication skills to explain risk and compliance requirements to technical teams, business stakeholders, and executive leadership
- Experience managing external auditor relationships and serving as the primary organizational point of contact during audit engagements
Benefits
- Competitive salary & equity
- Unlimited PTO
- Full Health, Vision, & Dental coverage
- 401k match
- Hardware setup: new MacBook Pro, big display, & accessories