Polymarket

Director, GRC & Privacy Security

Director of GRC & Privacy Security building the compliance program for Polymarket, a fintech company. The role leads risk management and governance across multiple jurisdictions and requires hands-on experience with SOC 2 and PCI-DSS.

Posted 6/18/2026 • Full-time • New York City, New York, 🇺🇸 United States • Lead • Website

Tech Stack

Tools & technologies
  • AWS
  • Cloud
  • ServiceNow

About the role

Key responsibilities & impact
  • Build and own the enterprise security risk management program — risk register, risk appetite framework, risk scoring methodology, and regular reporting to the CISO and executive leadership
  • Establish and maintain the security control framework, mapping controls to applicable standards (SOC 2 TSCs, PCI-DSS, CIS Controls) across all entities and subsidiaries
  • Drive security policy development and lifecycle management — authoring, reviewing, approving, and enforcing policies across the organization
  • Lead the company's security committee and governance forums, ensuring risk decisions are documented, escalated appropriately, and tracked to resolution
  • Own the end-to-end compliance program for SOC 2 Type II and PCI-DSS — scoping, control design, evidence collection, auditor management, and remediation tracking
  • Build continuous audit readiness rather than a point-in-time posture; automate compliance evidence collection where possible
  • Manage relationships with external auditors, certification bodies, and regulators; serve as the primary point of contact for audit engagements across all entities
  • Own the third-party risk management program — vendor security assessments, contractual security requirements, ongoing monitoring, and escalation of high-risk findings
  • Oversee the data privacy program in partnership with Legal, ensuring compliance with GDPR, CCPA, and applicable regulations across all jurisdictions where the company operates
  • Ensure privacy-by-design is embedded in the product development process and that data processing activities are documented, lawful, and consistent with stated privacy notices
  • Manage data subject rights obligations and privacy incident response, including breach notification requirements under applicable law

Requirements

What you’ll need
  • 8+ years of experience in GRC, information security compliance, or a related field, with 3+ years in a management or program leadership role
  • Deep, hands-on experience with SOC 2 Type II — you have managed or led multiple audit cycles and understand the TSCs, evidence requirements, and auditor dynamics from the inside
  • Strong working knowledge of PCI-DSS v4.0 and experience implementing or managing PCI compliance programs
  • Demonstrated experience managing compliance across multiple legal entities or subsidiaries with overlapping and distinct regulatory obligations
  • Experience building or significantly maturing a GRC program — not just maintaining one someone else built
  • Working knowledge of GDPR and CCPA and the operational requirements they impose on a data-handling business
  • Ability to communicate risk and compliance requirements clearly to technical teams, business stakeholders, and executive leadership
  • Experience managing external auditor relationships and serving as the primary organizational point of contact during audit engagements
  • (Plus) Experience in fintech, payments, cryptocurrency, or financial services — familiarity with money transmitter licensing or FinCEN obligations is a meaningful plus
  • (Plus) Professional certifications: CISM, CRISC, CISSP, CIPP/E, CIPP/US, or equivalent
  • (Plus) Exposure to ISO 27001, CIS, or NIST CSF as additional compliance frameworks
  • (Plus) Experience with GRC platforms (Vanta, Drata, Tugboat Logic, ServiceNow GRC, or equivalent)
  • (Plus) Familiarity with AWS cloud environments and how cloud-native architectures affect control design and evidence collection
  • (Plus) Prior experience standing up a GRC function in a high-growth, previously unstructured environment

Benefits

Comp & perks
  • Competitive salary & equity
  • Unlimited PTO
  • Full Health, Vision, & Dental coverage
  • 401k match
  • Hardware setup: new MacBook Pro, big display, & accessories
