Director, Security GRC Program Lead

Meta is seeking a highly skilled Security GRC Program Lead to join our Risk Organization's Governance, Risk, and Compliance (GRC) pillar. This role is pivotal in providing second-line oversight of Meta's security risk management and compliance across multiple business units, regulatory entities, and governance forums. As a senior individual contributor, you will drive strategic risk initiatives, proactively identify and solve complex, ambiguous problems, and set a compelling vision for the team and organization. You will be expected to influence outcomes at the highest levels, build strong networks, and champion innovation and best practices in risk management. This role operates within and in support of Meta's unified Security Governance, Risk, and Compliance program. You will align your work with Meta's canonical security framework and three strategic principles: protecting against top security risks, maturing core security capabilities at scale, and enabling the company to move fast securely. This position offers the opportunity to shape Meta's security risk posture, collaborate with leaders across Security, Product, Engineering, and Legal, and deliver meaningful impact on Meta's ability to meet global regulatory requirements and business objectives. You will operate with significant autonomy, regularly leading cross-functional initiatives and driving company-wide impact through thought leadership and strategic execution.

• Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory.
• Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals.
• Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning.
• Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization.
• Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication.
• Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments.
• Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact.
• Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others.
• Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework.

• Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight.
• Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners.
• Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions.
• Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details.
• Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion.
• In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS).
• Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company.
• Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains.

• Advanced degree in a relevant field.
• Experience integrating best practices from other GRC domains (Integrity, Privacy).
• Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies.
• Experience working in a fast-paced tech environment.
• Proven ability to operate hands-on across orgs and functions.
• Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF).

Internet