Sr. Director of Cyber Security, Governance & Risk Compliance



JUUL's mission is to improve the lives of the world’s one billion adult smokers by driving innovation to eliminate cigarettes. JUUL is the number one US-based vapor product. Headquartered in San Francisco and backed by leading technology investors including Tiger Global, Fidelity Investments and Tao Invest LLC, JUUL Labs is disrupting one of the world’s largest and oldest industries.

We’re an exceptional team with backgrounds in technology, healthcare, CPG and biotech, and we’re growing rapidly to deliver on our mission. We’re actively looking to hire the world’s best scientists, engineers, designers, product managers, supply chain experts, customer service and business professionals.



The Senior Director of Cyber Security Governance, Risk and Compliance (GRC) for JUUL will provide oversight of the corporate cyber security governance framework and drive the enterprise cyber security risk management program to ensure that the company's technology systems and data are adequately protected. The successful candidate will report to the Chief Information Security Officer (CISO) and will work as part of a broader security organization to focus on implementing and growing a GRC strategy that ultimately reduces corresponding risk to the company.



  • Develop and lead strategies for the governance, risk and compliance functions across the company that support transformation of the security function and ensure that exposures to cyber risks are identified and managed at an acceptable level
  • Create and deploy the corporate governance framework for Cyber Security risk. This includes writing a charter, forming/leading various risk committees and working groups that bring risk awareness to relevant stakeholders for decision making. Provide briefings to senior leaders and advise them of critical issues that may affect business or security posture
  • Define, document and publish Information Security policies, standards, and procedures. Present and shepherd new policies through a developed security governance process.
  • Develop and manage the cybersecurity risk management strategy, framework, methodology and approach. Integrate the risk program into the enterprise risk framework
  • Direct the implementation and administration of one or more GRC platforms, such as RSA Archer, MetricStream, or BWise
  • Conduct risk assessments and identify key stakeholders such as risk owner, control owner, etc.
  • Partner with Technology & Architecture and Engineering teams to identify required controls and develop risk mitigation plans
  • Effectively report risk and mitigation status to relevant stakeholders across the company
  • Oversee overall control management, including adoption and maintenance of standards, control testing, monitoring and creation of metrics to measure control effectiveness
  • Manage, coordinate, track and report all Cyber Security related external assessments and internal audits including action plans and responses
  • Develop and manage the global 3rd Party Information Security oversight program. This includes the initial risk assessment of supplier/vendor information security controls to protect our data and ongoing monitoring for compliance with our cyber security policies and standards
  • Maintain a risk register and risk visual with clearly defined owners for each risk.
  • Form and lead a Business Services team that supports sales and marketing functions to respond to business development opportunities and customer requests.
  • Lead and deliver Information Security training and awareness enterprise wide
  • Lead a high performing team of GRC Managers and Analysts
  • Build solid working relationships with business stakeholders to maintain and improve product and application security processes.


Required Skills & Experience

  • Minimum 5 years of Information Security GRC or Technology GRC
  • 10 years of leadership experience in Cyber Security
  • 10 years of experience as a people leader
  • Proven track record of accomplishments
  • In-depth familiarity with risk methodologies, GRC systems and tools, industry control standard frameworks, service catalogue, awareness and training programs.
  • Good understanding of popular application security standards including OWASP Top 10, SANS Top 25, etc.
  • Strong leadership attributes, business acumen, analytical skills and problem solving
  • Excellent verbal and written communication skills
  • Experience leading change in a global environment and ability to bring others along
  • Interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
  • Project management skills and the ability to manage multiple projects under strict timelines
  • Ability to work in a demanding, dynamic, fast-paced, high growth environment



  • A place to grow your career. We’ll help you set big goals - and exceed them
  • People. Work with talented, committed and supportive teammates
  • Equity and performance bonuses. Every employee is a stakeholder in our success
  • Boundless snacks and drinks
  • Cell phone subsidy, commuter benefits and discounts on JUUL products
  • Excellent medical, dental and vision benefits
  • Location. Work in the heart of San Francisco, one of the world’s greatest cities
