Lead and scale the GRC program across SOC, PCI, HIPAA, and ISO frameworks. Own audit relationships, vendor risk management, policy development, and team building while partnering with Legal, Security, and business stakeholders.
200k – 275k/yr
On-site8+ YOELegal
About the role
Key Responsibilities
Own and lead the company's GRC program, setting strategic direction across frameworks including SOC 1, SOC 2, PCI, HITRUST, and HIPAA
Serve as the primary owner of audit relationships, overseeing planning, evidence collection, documentation, and auditor communications
Define and enforce compliance roadmaps, ensuring cross-functional alignment and accountability on regulatory requirements
Attract top-tier talent to scale the GRC team, providing mentorship, setting priorities, and managing team performance
Oversee the vendor risk management program, including third-party due diligence, risk tiering, and escalation of critical findings
Lead reviews of vendor and client security questionnaires (DDQs) in partnership with Security Engineering, with final sign-off authority
Own the security and compliance policy framework — driving creation, review cycles, and organization-wide adoption
Partner with Legal and Security leadership on security-related contractual obligations, including review and negotiation of security addenda
Requirements
8+ years of experience in Governance, Risk, and Compliance, Information Security, or a related field, with at least 3 years in a leadership or program ownership role
Deep expertise across compliance frameworks including SOC1, SOC 2, PCI, HIPAA, and ISO certifications
Proven track record managing audit programs end-to-end, including direct relationships with external auditors
Experience building or scaling a GRC function, including team hiring and development
Strong understanding of vendor risk management, third-party due diligence, and risk-based decision-making
Ability to translate complex compliance and risk topics for executive and board-level audiences
Excellent cross-functional influencing skills — comfortable working with Legal, Engineering, and business leadership
Willingness to work in person at our office 4-5 days a week
Benefits
Equity in the company
Medical, Dental and Vision premiums covered at 100%
Fully paid parental leave
Commuter benefits
401k benefits
Fitness & home services stipend
Collaborative in-office environment with an open floor plan, fully stocked kitchen, and all meals covered in the office
Unlimited vacation and paid holidays
Relocation packages covered
Skills
Soc 1SOC 2PCIHIPAAHitrustIso CertificationsVendor Risk ManagementThird-Party Due DiligenceAudit ManagementCompliance Frameworks
The Director, AML/BSA Compliance will lead and enhance Current's Anti-Money Laundering and Bank Secrecy Act compliance program. This role involves overseeing policies, procedures, internal controls, and a team of subject matter experts, while advising leadership on regulatory requirements and new product development.
200k – 260k/yr
On-site10+ YOELegal
Director, Financial Crimes Compliance
UpstartUnited States
Lead and scale Upstart’s enterprise BSA/AML/OFAC compliance program, overseeing risk assessments, KYC/CDD/EDD frameworks, regulatory exams, and board reporting for consumer deposit and lending products.
201k – 279k/yr
Remote10+ YOELegal
Director, Compliance & Control Oversight - Growth
UpstartUnited States
Leads first-line compliance and controls for Upstart’s growth engine, overseeing acquisition channels, marketing programs, partner relationships, and product launches for regulatory and fair lending risk. Requires 7+ years in consumer lending compliance with deep knowledge of UDAAP, Reg B, CAN-SPAM, and TCPA.
201k – 279k/yr
Remote7+ YOELegal
Director, Legal Counsel, Corporate & Securities
CrusoeDenver, CO
Provides legal support for capital markets transactions, corporate governance, board support, and securities compliance. Requires JD, state bar membership, and 4-7 years of corporate/securities experience at a top-tier law firm.
204k – 255k/yr
On-site4+ YOELegal
Head of Legal Operations
BasetenSan Francisco, CA +1
Baseten is seeking a Head of Legal Operations to build and scale their legal function. This senior role involves owning legal systems, driving legal technology and AI strategy, and managing operations to support a high-growth technology company.