# Governance Risk and Compliance

**Company:** [Figma](https://hotfix.jobs/companies/figma)
**Location:** Remote
**Role:** Other
**Salary:** $153k – $296k/yr
**Experience:** 4+ years
**Skills:** SOC 2, ISO 27001, FedRAMP, Pci-Dss, Sox Itgc, GDPR, Nis2, Grc Platforms, Vanta, Drata, Cisa, Cissp, Cism, Crisc
**Posted:** 2026-06-06

> Lead compliance, risk management, governance, and customer trust programs across security frameworks including SOC 2, ISO 27001, FedRAMP, and SOX. Requires 4+ years in information security or compliance with audit and cross-functional experience.

## Job Description

## Compliance Management
- Lead compliance and certification programs across security and regulatory frameworks
- Manage audit cycles, partner with external assessors, and drive audit readiness initiatives
- Improve controls, processes, and evidence management practices across the organization

## Security Risk Management
- Build and maintain risk and controls frameworks that support Figma's security posture
- Assess, prioritize, and communicate security risks across the business
- Develop third-party risk management strategies and enterprise risk reporting programs

## Policy & Governance
- Manage the lifecycle of organizational security policies, standards, and procedures
- Drive policy awareness and stakeholder engagement across the company
- Ensure governance practices align with regulatory requirements and business objectives

## GRC Platforms & Enablement
- Select, implement, and optimize GRC platforms and supporting workflows
- Scale evidence collection, reporting, and program management capabilities
- Identify opportunities to automate and streamline GRC operations

## Customer Trust
- Support customer trust and business enablement activities across the sales lifecycle
- Manage security knowledge bases, customer-facing documentation, and trust publications
- Respond to customer security inquiries, audits, and questionnaires

## What you'll do at Figma
- Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
- Manage external audits and certification activities while partnering with auditors and assessors
- Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
- Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
- Improve control effectiveness and operational efficiency through rationalization and process optimization
- Implement and optimize GRC platforms that scale evidence collection and program management
- Maintain security policies and governance processes that align with organizational risk objectives
- Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications

## We'd love to hear from you if you have
- 4+ years of experience in information security, compliance, risk management, or a related field
- Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
- Experience leading or supporting audits and partnering with external assessors
- Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
- Exceptional written and verbal communication skills across technical, business, and executive audiences
- Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships

## Nice to have
- Operated in a public company environment with SOX ITGC requirements
- Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
- Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
- Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
- Scaled security, compliance, or risk programs in a high-growth environment

## Similar roles

- [Compliance Manager](https://hotfix.jobs/jobs/f7879e05-5904-4a76-937b-5476e9ffdab5) - Parafin - San Francisco, CA - $155k – $170k/yr
- [Residency Manager](https://hotfix.jobs/jobs/72c745f7-712d-4f5b-83a3-d713b22bfbad) - Astera - Emeryville, CA - $150k – $250k/yr
- [Site Manager, Datacenter Operations](https://hotfix.jobs/jobs/459ea64b-9c03-4f29-9f95-d6e770dc3378) - Fluidstack - Buffalo, NY - $150k – $200k/yr
- [Payment Operations Manager](https://hotfix.jobs/jobs/9d0613b8-149f-49d8-8390-a66b3637f6ec) - Cardless - San Francisco, CA - $150k – $180k/yr
- [AI Systems Specialist](https://hotfix.jobs/jobs/fd693faf-fb94-4c6f-9ded-71b97ba88b7a) - Rokt - New York, NY - $157k – $214k/yr

**Apply:** https://hotfix.jobs/jobs/31b35d45-3980-46db-a695-25a28cfaf364
**Canonical:** https://hotfix.jobs/jobs/31b35d45-3980-46db-a695-25a28cfaf364