Home Jobs Governance Risk and Compliance

Governance Risk and Compliance

Full-Time GREENHOUSE
Figma  ·  San Francisco, CA • New York, NY • United States
Job TypeFull-Time
LocationSan Francisco, CA • New York, NY • United States
Posted6 days ago
Apply Now Redirect to Company Website
Job Description
<div class="content-intro"><p>Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!</p></div><p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Figma's GRC team helps build and maintain trust with our users, regulators, business partners, and the organizations that rely on Figma every day. We partner across the company to strengthen security, manage risk, maintain compliance, and scale the programs that support our continued growth.</p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">We're growing our team and looking for security, risk, and compliance professionals across several disciplines. Whether your expertise is in compliance, risk management, governance, GRC tooling, or customer trust, you'll have the opportunity to build programs, improve processes, and help shape how Figma scales security and trust.</p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Roles we hire for on this team:</p>
<ul>
<li><strong>Compliance Management</strong>
<ul>
<li>Lead compliance and certification programs across security and regulatory frameworks</li>
<li>Manage audit cycles, partner with external assessors, and drive audit readiness initiatives</li>
<li>Improve controls, processes, and evidence management practices across the organization</li>
</ul>
</li>
<li><strong>Security Risk Management</strong>
<ul>
<li>Build and maintain risk and controls frameworks that support Figma's security posture</li>
<li>Assess, prioritize, and communicate security risks across the business</li>
<li>Develop third-party risk management strategies and enterprise risk reporting programs</li>
</ul>
</li>
<li><strong>Policy & Governance</strong>
<ul>
<li>Manage the lifecycle of organizational security policies, standards, and procedures</li>
<li>Drive policy awareness and stakeholder engagement across the company</li>
<li>Ensure governance practices align with regulatory requirements and business objectives</li>
</ul>
</li>
<li><strong>GRC Platforms & Enablement</strong>
<ul>
<li>Select, implement, and optimize GRC platforms and supporting workflows</li>
<li>Scale evidence collection, reporting, and program management capabilities</li>
<li>Identify opportunities to automate and streamline GRC operations</li>
</ul>
</li>
<li><strong>Customer Trust</strong>
<ul>
<li>Support customer trust and business enablement activities across the sales lifecycle</li>
<li>Manage security knowledge bases, customer-facing documentation, and trust publications</li>
<li>Respond to customer security inquiries, audits, and questionnaires</li>
</ul>
</li>
</ul>
<p>This is a full time role that can be held from one of our US hubs or remotely in the United States. </p>
<h4 class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>What you'll do at Figma:</strong></h4>
<ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">
<li class="font-claude-response-body whitespace-normal break-words pl-2">Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Manage external audits and certification activities while partnering with auditors and assessors</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Improve control effectiveness and operational efficiency through rationalization and process optimization</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Implement and optimize GRC platforms that scale evidence collection and program management</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Maintain security policies and governance processes that align with organizational risk objectives</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications</li>
</ul>
<p><strong>We’d love to hear from you if you have:</strong></p>
<ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">
<li class="font-claude-response-body whitespace-normal break-words pl-2">4+ years of experience in information security, compliance, risk management, or a related field</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Experience leading or supporting audits and partnering with external assessors</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Exceptional written and verbal communication skills across technical, business, and executive audiences</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships</li>
</ul>
<p><strong>While it’s not required, it’s an added plus if you also have:</strong></p>
<ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">
<li class="font-claude-response-body whitespace-normal break-words pl-2">Operated in a public company environment with SOX ITGC requirements</li>
<li class="font-claude-response-body whitespace-normal break-words pl-2">Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities</li>
<li class="font-claude-res
Post a Job on HiringYes — Reach 10,000+ Candidates Get Started →
More Jobs You May Like
Senior Platform Manager, Defense Platform
Airbnb · United States · 2w ago
Future Opportunities: Retirement Client Relationsh
Gusto · Denver, CO, Chicago, · 2w ago
Full-stack Engineer (Python, TDD)
Talent Shore · South Africa · Today
Customer Success Manager (French speaking)
Stripe · London · 4w ago
Global Head of Specialist Solutions Architecture,
Stripe · London · Today
Associate IT Engineer
Casey’s · USA · 3d ago
Browse all jobs
Apply Now Redirect to Company Website
Job Overview
Job TypeFull-Time
LocationSan Francisco, CA • New York, NY • United States
PostedJun 06, 2026
CompanyFigma
Similar Jobs