Director of Governance, Risk, and Compliance
200k – 275kNew York, NYSan Francisco, CALegalOnsite8+ YOE
Summary
Lead and scale the GRC program across SOC, PCI, HIPAA, and ISO frameworks. Own audit relationships, vendor risk management, policy development, and team building while partnering with Legal, Security, and business stakeholders.
About the role
Key Responsibilities
- Own and lead the company's GRC program, setting strategic direction across frameworks including SOC 1, SOC 2, PCI, HITRUST, and HIPAA
- Serve as the primary owner of audit relationships, overseeing planning, evidence collection, documentation, and auditor communications
- Define and enforce compliance roadmaps, ensuring cross-functional alignment and accountability on regulatory requirements
- Attract top-tier talent to scale the GRC team, providing mentorship, setting priorities, and managing team performance
- Oversee the vendor risk management program, including third-party due diligence, risk tiering, and escalation of critical findings
- Lead reviews of vendor and client security questionnaires (DDQs) in partnership with Security Engineering, with final sign-off authority
- Own the security and compliance policy framework — driving creation, review cycles, and organization-wide adoption
- Partner with Legal and Security leadership on security-related contractual obligations, including review and negotiation of security addenda
Requirements
- 8+ years of experience in Governance, Risk, and Compliance, Information Security, or a related field, with at least 3 years in a leadership or program ownership role
- Deep expertise across compliance frameworks including SOC1, SOC 2, PCI, HIPAA, and ISO certifications
- Proven track record managing audit programs end-to-end, including direct relationships with external auditors
- Experience building or scaling a GRC function, including team hiring and development
- Strong understanding of vendor risk management, third-party due diligence, and risk-based decision-making
- Ability to translate complex compliance and risk topics for executive and board-level audiences
- Excellent cross-functional influencing skills — comfortable working with Legal, Engineering, and business leadership
- Willingness to work in person at our office 4-5 days a week
Benefits
- Equity in the company
- Medical, Dental and Vision premiums covered at 100%
- Fully paid parental leave
- Commuter benefits
- 401k benefits
- Fitness & home services stipend
- Collaborative in-office environment with an open floor plan, fully stocked kitchen, and all meals covered in the office
- Unlimited vacation and paid holidays
- Relocation packages covered
Skills
SOC 1SOC 2PCIHIPAAHITRUSTISO certificationsVendor risk managementThird-party due diligenceAudit managementCompliance frameworks
Similar roles at this salary range
All Legal jobs →Head of Legal & Compliance
Lead Check's legal and compliance function as a strategic partner on the Leadership Team. Manage a small team, drive commercial deals, own regulatory relationships, and support board and corporate matters for a fast-growing fintech.
217k – 281kNew York, NY +1LegalRemote6+ YOELegalFintech
Senior Regulatory & Policy Counsel
Senior legal counsel advising on AI, data privacy, and background screening regulations. Partners with Product, Engineering, and policymakers to translate complex laws into compliance guidance and drive advocacy efforts.
229k – 269kSan Francisco, CALegalHybrid8+ YOEFCRAAI policy