Director, Product Risk and Compliance

What you'll be doing

• Lead three teams — privacy compliance, safety and revenue compliance, and security GRC — bringing them under a unified operating philosophy and setting clear direction on priorities, maturity targets, and program development
• Partner with product and engineering teams to identify and navigate compliance obligations and build sustainable controls — providing substantive guidance on privacy, safety, and security requirements
• Own Discord's product risk registers across privacy, safety, and security — identifying and tracking risks, driving consistent risk scoring, and leading remediation and gap-closing efforts in partnership with the business
• Build and maintain a control library and compliance maturity framework that gives us a clear picture of where we are and where we need to go — and helps us get there in a prioritized way
• Produce risk and compliance reporting calibrated to different audiences inside the company, from team leads to senior leadership, feeding into Discord's broader enterprise risk processes
• Lay the foundation for audits and potential certifications (SOC 2, ISO 27001, and others as they arise)
• Work cross-functionally across Product, Engineering, Security, Policy, and Trust & Safety to make sure compliance considerations are integrated into planning processes and how we build our product
• Serve as a credible, trusted voice on product risk and compliance at every level of the company — able to walk into a room with senior leadership and make the case for what matters, what doesn't, and what realistic progress looks like

What you should have

• 12+ years of experience in compliance, risk management, or a related field, with demonstrated experience leading compliance functions across multiple subject matter areas — not just running a single-subject program
• Breadth across at least two of our core domains: privacy (GDPR, CCPA, and global privacy frameworks), online safety and content regulation (DSA, COPPA, children's safety laws), or security compliance (SOC 2, ISO 27001, NIST CSF)
• Experience owning risk registers, building and maintaining control libraries, setting maturity targets, and producing risk reporting for different audiences
• Experience managing teams across multiple compliance disciplines, with the people management and prioritization skills to lead a function of seven or more people across three distinct areas
• Strong executive communication skills — able to represent our risk and compliance posture clearly and credibly to senior leadership, make realistic tradeoffs out loud, and bring stakeholders along without overpromising
• A real point of view on how compliance programs should be built and run, and the ability to adapt that philosophy to Discord's stage, culture, and risk profile
• Comfort operating in a fast-moving environment with incomplete information — this person cannot be paralyzed waiting for certainty

Bonus Points

• Experience at a consumer-facing technology platform with significant regulatory complexity and scale
• Direct experience building or maturing a compliance program from an early stage, including selecting and implementing GRC tooling and moving from manual to automated compliance processes
• Familiarity with AI governance frameworks (EU AI Act, ISO 42001) and payments compliance
• JD or legal background
• Experience in gaming, social platforms, or communications technology