Jobs · Information Technology · New York

Director, GRC & Privacy Security

Polymarket · New York, United States · 3 wk ago
HybridInformation Technology$21/hrFull-time

About the role

The Director of GRC & Privacy will build and lead the governance, risk, and compliance function within Polymarket's security organization. This role will establish the GRC program from scratch, manage compliance programs for SOC 2 Type II and PCI-DSS, oversee the data privacy program, and ensure privacy-by-design is embedded in product development.

Responsibilities

  • Build and own the enterprise security risk management program
  • Establish and maintain the security control framework
  • Lead the company's security committee and governance forums
  • Own the end-to-end compliance program for SOC 2 Type II and PCI-DSS
  • Manage relationships with external auditors, certification bodies, and regulators
  • Own the third-party risk management program
  • Ensure privacy-by-design is embedded in the product development process
  • Manage data subject rights obligations and privacy incident response

Requirements

  • 8+ years of experience in GRC, information security compliance, or a related field, with 3+ years in a management or program leadership role
  • Strong working knowledge of PCI-DSS v4.0 and experience implementing or managing PCI compliance programs
  • Demonstrated experience managing compliance across multiple legal entities or subsidiaries
  • Experience building or significantly maturing a GRC program
  • Professional certifications: CISM, CRISC, CISSP, CIPP/E, CIPP/US, or equivalent
  • Exposure to ISO 27001, CIS, or NIST CSF as additional compliance frameworks
  • Experience with GRC platforms (Vanta, Drata, Tugboat Logic, ServiceNow GRC, or equivalent)
  • Familiarity with AWS cloud environments and how cloud-native architectures affect control design and evidence collection

Qualifications

  • Experience in fintech, payments, cryptocurrency, or financial services
  • Prior experience standing up a GRC function in a high-growth, previously unstructured environment

Skills

  • Deep, hands-on experience with SOC 2 Type II
  • Strong communication skills to explain risk and compliance requirements to technical teams, business stakeholders, and executive leadership
  • Experience managing external auditor relationships and serving as the primary organizational point of contact during audit engagements

Benefits

  • Competitive salary & equity
  • Unlimited PTO
  • Full Health, Vision, & Dental coverage
  • 401k match
  • Hardware setup: new MacBook Pro, big display, & accessories

Similar jobs