Senior Staff Analyst, GRC
Remote Canada
Full-time, Senior, Remote, Technology
Description
You will define, develop, and implement a Governance, Risk and Compliance (GRC) framework for both enterprise and product verticals at Mozilla, aligning security, privacy, regulatory, and risk management initiatives. You'll lead governance, risk management, and compliance efforts, partnering with cross-functional teams to ensure data-driven decision-making and adherence to standards like ISO, NIST, SOC2, CCPA, and GDPR.
Requirements
- 10+ years of progressive experience developing and delivering an integrated GRC framework
- Strong understanding of regulatory frameworks, processes, and tools for building robust GRC frameworks
- Experience leading cross-functional requirements to implement controls for compliance
- Relevant certifications (CISA, CISSP, CISM, CRISC) preferred
- Hands-on experience with SIEM, BI tools, and root cause analysis
Responsibilities
- Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives
- Lead creation and enforcement of standards, policies, controls, audits, and reporting across enterprise and product verticals
- Develop and operationalize a risk assessment and management framework for periodic prioritization and remediation
- Ensure compliance with regulatory standards (ISO, NIST, SOC2, CCPA, GDPR) and lead internal/external audits
- Define requirements and reporting for data lifecycle management across enterprise and product domains