Skip to content
FigmaFigmaSan Francisco, CA

Governance Risk and Compliance

Lead compliance, risk management, governance, and customer trust programs across security frameworks including SOC 2, ISO 27001, FedRAMP, and SOX. Requires 4+ years in information security or compliance with audit and cross-functional experience.

153k – 296k/yr
Remote4+ YOEOther

About the role

Compliance Management

  • Lead compliance and certification programs across security and regulatory frameworks
  • Manage audit cycles, partner with external assessors, and drive audit readiness initiatives
  • Improve controls, processes, and evidence management practices across the organization

Security Risk Management

  • Build and maintain risk and controls frameworks that support Figma's security posture
  • Assess, prioritize, and communicate security risks across the business
  • Develop third-party risk management strategies and enterprise risk reporting programs

Policy & Governance

  • Manage the lifecycle of organizational security policies, standards, and procedures
  • Drive policy awareness and stakeholder engagement across the company
  • Ensure governance practices align with regulatory requirements and business objectives

GRC Platforms & Enablement

  • Select, implement, and optimize GRC platforms and supporting workflows
  • Scale evidence collection, reporting, and program management capabilities
  • Identify opportunities to automate and streamline GRC operations

Customer Trust

  • Support customer trust and business enablement activities across the sales lifecycle
  • Manage security knowledge bases, customer-facing documentation, and trust publications
  • Respond to customer security inquiries, audits, and questionnaires

What you'll do at Figma

  • Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
  • Manage external audits and certification activities while partnering with auditors and assessors
  • Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
  • Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
  • Improve control effectiveness and operational efficiency through rationalization and process optimization
  • Implement and optimize GRC platforms that scale evidence collection and program management
  • Maintain security policies and governance processes that align with organizational risk objectives
  • Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications

We'd love to hear from you if you have

  • 4+ years of experience in information security, compliance, risk management, or a related field
  • Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
  • Experience leading or supporting audits and partnering with external assessors
  • Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
  • Exceptional written and verbal communication skills across technical, business, and executive audiences
  • Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships

Nice to have

  • Operated in a public company environment with SOX ITGC requirements
  • Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
  • Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
  • Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
  • Scaled security, compliance, or risk programs in a high-growth environment

Skills

SOC 2ISO 27001FedRAMPPci-DssSox ItgcGDPRNis2Grc PlatformsVantaDrataCisaCisspCismCrisc

Similar roles

Parafin

Compliance Manager

ParafinSan Francisco, CA

Compliance Manager advising on information security, data sharing, vendor oversight, and regulatory matters for funding, lending, and card products. Lead remediation, build policies, and partner cross-functionally at a Series C fintech serving small businesses.

155k – 170k/yr
Hybrid3+ YOEOther
Astera

Residency Manager

AsteraEmeryville, CA

Own end-to-end operations for Astera's fully-funded research Residency program, serving as primary point of contact for residents while managing selection, onboarding, needs anticipation, and scaling processes in a fast-moving early-stage environment. Requires 5-10 years operations or program management experience, exceptional organization, and cultural alignment with ambitious science and technology goals.

150k – 250k/yr
On-site5+ YOEOther
Fluidstack

Site Manager, Datacenter Operations

FluidstackBuffalo, NY

Lead and scale operations teams of 10+ across multiple datacenter facilities. Own 24x7 uptime, reliability, and SLA performance while managing infrastructure lifecycle, team development, and cross-functional coordination.

150k – 200k/yr
On-site5+ YOEOther
Cardless

Payment Operations Manager

CardlessSan Francisco, CA

Manages and scales payment operations infrastructure for credit card programs, handling processors, banks, networks, and automations. Requires 5+ years in payments, strong SQL, and experience with reconciliation and card lifecycles.

150k – 180k/yr
On-site5+ YOEOther
Rokt

AI Systems Specialist

RoktNew York, NY

Support and improve core business/finance systems (incl. NetSuite) while driving AI and automation adoption. Partner with Finance, Security, and People teams on workflows, documentation, and integrations. Ideal for someone with 3-5 years in systems or consulting who is technically curious.

157k – 214k/yr
On-site3+ YOEOther