Description

You will define, develop, and implement a Governance, Risk and Compliance framework for both Enterprise and Product verticals at Mozilla. This role involves leading GRC strategy, risk assessments, and compliance with standards like ISO, NIST, SOC2, CCPA, and GDPR.

Requirements

• 10+ years of progressive experience in integrated GRC framework development and delivery
• Deep knowledge of regulatory frameworks, processes, and tools for GRC
• Experience leading cross-functional requirements for product and enterprise teams
• Relevant certifications (CISA, CISSP, CISM, CRISC, etc.)
• Ability to develop Root Cause Analysis (RCA) and remediation plans

Responsibilities

• Develop and maintain comprehensive GRC strategy and roadmap
• Create and enforce standards, policies, controls, audits, reporting across enterprise and product verticals
• Operationalize risk assessment and management framework with periodic reviews
• Ensure compliance with regulatory standards (ISO, NIST, SOC2, CCPA, GDPR) and lead audit activities
• Define requirements and reporting for data life cycle management across enterprise and product domains