Jobs · Finance

Governance Risk and Compliance

Figma · New York, NY · 2 wk ago
Finance$153k–$296k/yrFull-time

About the role

Figma is growing its team of security, risk, and compliance professionals. This team helps build and maintain trust with users, regulators, business partners, and organizations relying on Figma. Roles include Compliance Management, Security Risk Management, Policy & Governance, GRC Platforms & Enablement, and Customer Trust.

Responsibilities

  • Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
  • Manage external audits and certification activities while partnering with auditors and assessors
  • Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
  • Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
  • Improve control effectiveness and operational efficiency through rationalization and process optimization
  • Select, implement, and optimize GRC platforms that scale evidence collection and program management capabilities
  • Maintain security policies and governance processes that align with organizational risk objectives
  • Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications

Requirements

  • 4+ years of experience in information security, compliance, risk management, or a related field
  • Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
  • Experience leading or supporting audits and partnering with external assessors
  • Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
  • Exceptional written and verbal communication skills across technical, business, and executive audiences
  • Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships

Qualifications

  • Operated in a public company environment with SOX ITGC requirements
  • Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
  • Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
  • Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
  • Scaled security, compliance, or risk programs in a high-growth environment

Skills

  • Strong understanding of security, risk, and compliance frameworks
  • Experience with GRC platforms and tools
  • Excellent communication and collaboration skills
  • Ability to manage complex projects and prioritize tasks

Benefits

  • Competitive compensation and benefits package
  • Health, dental, and vision insurance
  • Roth and traditional 401(k) plans with company contributions
  • Paternity and maternity leave, reproductive or family planning support
  • Mental health and wellness benefits
  • Generous paid time off and company recharge days
  • Learner's development stipend
  • Work from home stipend
  • Cell phone reimbursement

Pay

The annual base salary range for this role is $153,000 - $296,000 USD. Actual compensation will be determined based on factors including individual qualifications, market demand, and specific work location.

Schedule

This is a full-time role that can be held from one of Figma's US hubs or remotely in the United States.

Similar jobs