Security GRC Program Lead

2 weeks ago


London, Greater London, United Kingdom | Meta | Full time | £80,000 - £120,000 per year

Meta is seeking a highly skilled Security GRC Program Lead to join our Risk Organization's Governance, Risk, and Compliance (GRC) pillar. This role is pivotal in providing second-line oversight of Meta's security risk management and compliance across multiple business units, regulatory entities, and governance forums. As a senior individual contributor, you will drive strategic risk initiatives, proactively identify and solve complex, ambiguous problems, and set a compelling vision for the team and organization. You will be expected to influence outcomes at the highest levels, build strong networks, and champion innovation and best practices in risk management.

This role operates within and in support of Meta's unified Security Governance, Risk, and Compliance program. You will align your work with Meta's canonical security framework and three strategic principles: protecting against top security risks, maturing core security capabilities at scale, and enabling the company to move fast securely.

This position offers the opportunity to shape Meta's security risk posture, collaborate with leaders across Security, Product, Engineering, and Legal, and deliver meaningful impact on Meta's ability to meet global regulatory requirements and business objectives. You will operate with significant autonomy, regularly leading cross-functional initiatives and driving company-wide impact through thought leadership and strategic execution.

Responsibilities
  • Lead and deliver on deeply complex, high-impact projects that shape Meta's risk profile and business trajectory.
  • Proactively identify long-term, critical, and ambiguous problems, setting a clear vision and strategy for risk management in alignment with company goals.
  • Partner with Central Security teams to analyze, streamline, and consolidate issues and risks from all sources (1LoD, 2LoD, 3LoD, external) into a clear, prioritized list for first-line-of-defense consumption and actioning.
  • Integrate security risk management with Meta's Security Prioritization Framework (SPF) and contribute to capability maturity assessments to drive risk-based prioritization across the organization.
  • Define and maintain clear interfaces and points of contact with the Security organization and other key partners, ensuring efficient governance and communication.
  • Prepare regular updates and compliance documents to ensure Meta meets board and regulatory obligations, adapting processes and strategies to evolving regulatory and business environments.
  • Drive cross-org execution, collaborating with Risk, Security, Legal, Product, and Engineering functions to deliver results and maximize impact.
  • Champion organizational efforts to build and sustain diversity, culture, recruitment, onboarding, mentoring, and development programs, serving as a role model and mentor for others.
  • Integrate learnings and best practices from/to sister 2LoD organizations (e.g., Integrity GRC, Privacy GRC), and partner with Product & Engineering teams on necessary second-line-of-defense tooling within the unified GRC framework.

Minimum Qualifications
  • Significant experience as a leader and contributor in security risk management and compliance, including providing second-line oversight
  • Strong track record of operating effectively and influencing outcomes with Engineering, Product, GRC, and Legal partners
  • Extensive experience with Governance, Risk, and Compliance (GRC) and Legal functions
  • Deep expertise in security, with the ability to holistically understand relevant issues, partners, and products, and go deep on technical details
  • Proven ability to identify critical issues, balance competing priorities, translate technical and regulatory concepts for diverse audiences, and personally drive initiatives to completion
  • In-depth knowledge of complex global regulatory requirements (e.g., GDPR, SEC, PCI-DSS, NYDFS)
  • Demonstrated ability to build strong formal and informal networks with key influencers and decision makers inside and outside the company
  • Experience working in integrated privacy-security environments or familiarity with unified GRC frameworks across multiple risk domains

Preferred Qualifications
  • Advanced degree in a relevant field
  • Experience integrating best practices from other GRC domains (Integrity, Privacy)
  • Recognized as a thought leader in risk management, with experience influencing external stakeholders and policies
  • Experience working in a fast-paced tech environment
  • Proven ability to operate hands-on across orgs and functions
  • Understanding of Meta's canonical security framework and experience with risk-based prioritization methodologies such as Security Prioritization Framework (SPF)

