Manager, Security Policy, Risk and Compliance
- Menlo Park, CA
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.
The Security Policy, Risk and Compliance Manager will be someone that has a passion for leading a team which evaluates Information Security risk to inform pragmatic policy, standards, and guidelines. This person will also be responsible for helping to design and iterate on security controls to address these risks in a way that helps empower and maintain Facebook's culture of rapid innovation. In this role, you will stay informed about the dynamic regulatory landscape, industry trends and internal operations, and will communicate and drive delivery of innovative solutions for compliance at scale. This position requires a mix of broad business and technical acumen with strong people-management skills, the ability to inspire and influence decisions around security risk management, and a polished ability to communicate with key executives, external regulators, and the public.
- Lead, build, retain, and develop a team of Information Security professionals that are passionate about identifying, assessing, and mitigating security risk while empowering Facebook's rapid innovation and growth.
- Support the team to develop and communicate policies, procedures, guidelines, and plans to internal stakeholders regarding security and risk management.
- Create robust, scalable programs to deliver policy and compliance objectives in product areas and general technical infrastructure.
- Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks.
- Find practical solutions to standardize and scale compliance functions across Facebook.
- Provide robust assurance of the operational effectiveness of our compliance controls.
- Define metrics to track program progress and maturity for various stakeholders.
- Improve controls for internal systems, processes, and policies.
- Collaborate with internal teams and external auditors throughout compliance assessments.
- Understand technical implementation details necessary to assess general and situational Information Security risk.
- Responsible for the development and oversight of required mitigation plans relating to information security risk and policy exceptions.
- B.S. in computer science or equivalent experience.
- 5+ years of experience in global security policy and risk management.
- 3+ years of people management experience.
- Experience in Information Security policy development and risk management at tech companies.
- Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
- Demonstrated leadership experience working and communicating at executive levels.
- Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences.
- Conceptual, critical thinking, and sound judgment with strategic orientation and experience performing tactically.
- Experience providing technical knowledge appropriate to delivery of security protections.
- Experience in technical concepts similar to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy.
- Experience in influencing across all levels of the organization.
- Excellent project management skills.
- Eagerness to learn new things and discover emerging and new data trends.
- Great attention to detail with excellent leadership and problem-solving skills.
Back to top