Senior Staff Analyst, GRC

Remote
full-time, senior, Remote, Technology

Description

You will define and implement a Governance, Risk and Compliance framework for both Enterprise and Product verticals at Mozilla, ensuring alignment with security, privacy, and regulatory initiatives. You'll lead audits, risk assessments, and cross-functional collaboration to protect the organization.

Requirements

  • 10+ years of progressive experience in developing and delivering an integrated GRC framework
  • Strong understanding of regulatory frameworks, processes, and tools for a robust GRC program
  • Experience leading cross-functional requirements for implementing compliance controls
  • Relevant industry certifications (CISA, CISSP, CISM, CRISC, etc.)
  • Hands-on experience with technology tools (SIEM, BI tools)

Responsibilities

  • Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives
  • Lead creation and enforcement of standards, policies, controls, audits, and reporting across enterprise and product verticals
  • Develop and operationalize a risk assessment and management framework with periodic reviews and measurable scorecards
  • Ensure compliance with regulatory standards (ISO, NIST, SOC2, CCPA, GDPR) and lead internal/external audit activities
  • Define requirements and reporting for data lifecycle management across enterprise and product domains