Design, implement, and oversee a global risk and compliance program enabling Mixbook to scale responsibly while maintaining trust with customers, employees, vendors, and regulators.
Establish and continuously evolve Mixbook’s enterprise-wide risk management framework across strategic, operational, technological, financial, reputational, and compliance categories.
Develop, test, and maintain Business Continuity and Disaster Recovery (BC/DR) plans to sustain critical operations and recover from disruptions.
Ensure global compliance strategy and execution, including data protection, privacy compliance programs, privacy impact assessments, and lawful processing across jurisdictions.
Deliver clear and consistent risk reporting to the Executive Team and Board, including quarterly business reviews and proactive recommendations.
Author and steward durable policies that enable teams to move fast without compromising compliance or security.
Embed risk mitigation into day-to-day operations with clear ownership, documented controls, and auditable evidence.
Lead audit and certification readiness (e.g., SOC 2), and manage privacy-related audits, regulatory inquiries, breach notifications, and remediation efforts.
Partner cross-functionally with Legal, Security, People Ops, Finance, Data, Product, and Engineering to integrate privacy and risk into business decisions.
Build a culture of risk awareness through education, self-assessments, enterprise-wide training, and proactive ownership.
Requirements
8+ years of progressive experience in risk management, compliance, internal audit, legal, or governance roles, preferably within fast-scaling or global organizations.
3-5 years in a senior leadership role with direct accountability for enterprise-wide risk or compliance programs, ideally reporting to or advising C-level executives or Boards.
Deep understanding of risk management standards (e.g., NIST, ISO 31000), SOC 2, internal audit, and enterprise risk frameworks.
Comprehensive knowledge of global privacy laws (GDPR, CCPA, etc.), data governance frameworks, and privacy program management.
Experience crafting globally applicable policies that stand up to audits and support business growth.
Proven ability to build control environments with appropriate documentation, evidence, and accountability.
Strong ability to translate technical risk language into executive-level business implications and decisions.
Capable of aligning diverse stakeholders and establishing systems of accountability across departments.
Skilled in leading initiatives end-to-end, from design through implementation and continuous improvement.
Adept at managing across multiple regulatory regimes, cultural contexts, and partnership types (employees, contractors, vendors).
Experience identifying high-risk issues early and facilitating coordinated responses and mitigation strategies.
Hands-on experience leading complex audits and managing certification readiness (e.g., SOC 2, GDPR, third-party risk assessments).