
Governance Risk and Compliance

Salary: 153k – 296k | Location: San Francisco, CA; New York, NY; Other; Remote | Experience: 4+ YOE
Summary

Lead compliance, risk management, governance, and customer trust programs across security frameworks including SOC 2, ISO 27001, FedRAMP, and SOX. Requires 4+ years in information security or compliance with audit and cross-functional experience.

About the role

Compliance Management

  • Lead compliance and certification programs across security and regulatory frameworks
  • Manage audit cycles, partner with external assessors, and drive audit readiness initiatives
  • Improve controls, processes, and evidence management practices across the organization

Security Risk Management

  • Build and maintain risk and controls frameworks that support Figma's security posture
  • Assess, prioritize, and communicate security risks across the business
  • Develop third-party risk management strategies and enterprise risk reporting programs

Policy & Governance

  • Manage the lifecycle of organizational security policies, standards, and procedures
  • Drive policy awareness and stakeholder engagement across the company
  • Ensure governance practices align with regulatory requirements and business objectives

GRC Platforms & Enablement

  • Select, implement, and optimize GRC platforms and supporting workflows
  • Scale evidence collection, reporting, and program management capabilities
  • Identify opportunities to automate and streamline GRC operations

Customer Trust

  • Support customer trust and business enablement activities across the sales lifecycle
  • Manage security knowledge bases, customer-facing documentation, and trust publications
  • Respond to customer security inquiries, audits, and questionnaires

What you'll do at Figma

  • Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
  • Manage external audits and certification activities while partnering with auditors and assessors
  • Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
  • Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
  • Improve control effectiveness and operational efficiency through rationalization and process optimization
  • Implement and optimize GRC platforms that scale evidence collection and program management
  • Maintain security policies and governance processes that align with organizational risk objectives
  • Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications

We'd love to hear from you if you have

  • 4+ years of experience in information security, compliance, risk management, or a related field
  • Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
  • Experience leading or supporting audits and partnering with external assessors
  • Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
  • Exceptional written and verbal communication skills across technical, business, and executive audiences
  • Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships

Nice to have

  • Operated in a public company environment with SOX ITGC requirements
  • Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
  • Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
  • Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
  • Scaled security, compliance, or risk programs in a high-growth environment
Skills

SOC 2, ISO 27001, FedRAMP, PCI-DSS, SOX ITGC, GDPR, NIS2, GRC platforms, Vanta, Drata, CISA, CISSP, CISM, CRISC