Governance Risk and Compliance
Figma · San Francisco, CA · 2 wk ago
Sales$153k–$296k/yrFull-time
About the role
Figma is growing its team of security, risk, and compliance professionals. This role supports the GRC team in building and maintaining trust with users, regulators, business partners, and organizations relying on Figma.
Responsibilities
- Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
- Manage external audits and certification activities while partnering with auditors and assessors
- Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
- Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
- Improve control effectiveness and operational efficiency through rationalization and process optimization
- Select, implement, and optimize GRC platforms that scale evidence collection and program management capabilities
- Maintain security policies and governance processes that align with organizational risk objectives
- Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications
Requirements
- 4+ years of experience in information security, compliance, risk management, or a related field
- Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
- Experience leading or supporting audits and partnering with external assessors
- Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
- Exceptional written and verbal communication skills across technical, business, and executive audiences
- Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships
Qualifications
- Operated in a public company environment with SOX ITGC requirements
- Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
- Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
- Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
- Scaled security, compliance, or risk programs in a high-growth environment
Skills
- Strong understanding of security, risk, and compliance frameworks
- Experience with GRC platforms and tools
- Excellent communication and collaboration skills
- Ability to manage complex projects and prioritize tasks
Benefits
- Competitive compensation package including annual base salary range of $153,000 - $296,000 USD
- Health, dental, and vision insurance
- Roth and traditional 401(k) plans with company contributions
- Paid parental leave and reproductive or family planning support
- Mental health and wellness benefits
- Generous paid time off and company recharge days
- Learner’s development stipend and work-from-home stipend
- Cell phone reimbursement
- Opportunities for professional growth and development
Pay
The annual base salary range for this role is $153,000 - $296,000 USD. Actual compensation will be determined based on factors including individual qualifications, market demand, and specific work location.
Schedule
This role can be held from one of Figma’s US hubs or remotely in the United States.