GRC Third Party Security

We are creating an operationally effective and highly efficient "service of common concern" for all Integrity, Security, Support, and Operations (ISSO) Governance, Risk, and Compliance (GRC) needs, ensuring Integrity, Security, Support, and Operations continue to meet global regulatory requirements and manage risk. Meta's ISSO GRC is the central engine driving risk management and compliance at the company, supporting Meta and the family of apps. Security engineering is a critical component of supporting integrity and security risk domain governance, risk, and compliance (GRC). GRC initiatives are designed to enable the business to proactively manage risk, to protect sensitive information, and to meet or exceed legal and regulatory obligations and expectations.We're seeking deeply experienced, integrity and security talent to help enable and safeguard Meta's products and services which have a truly global scale. Our goal is to make Meta the premier place to work for governance, risk, compliance, security, and integrity professionals.

• Collaborate with team members and stakeholders to understand or identify defined work problems and program goals, prioritize deliverables, and discuss program impact.
• Identify and implement opportunities for increased automation across the program factoring in emerging regulations and proactive detection of risks.
• Increase Integration of systems to provision simplified engagements for the business, consolidated and efficient workflows, and consumable view of risk for leadership.
• Designing, implementing, and/or assessing security controls.
• Validating vulnerability assessments, controls testing outcomes.
• Identification of risks and detailing of a mitigation plan to ensure that the project stays on track, or is brought back on track in the event of delays or blockers.
• Providing technical challenge to risk domain strategies, products, designs, features, components.
• Support business travel on an as needed basis (up to 10%)

• 7+ years of experience in information security, cybersecurity, transparency reporting, integrity, and/or technology risk including one or more domains (e.g., access management, vulnerability management, change management, business continuity, application security, asset management).
• Experience of execution in third party security and delivering tangible results.
• Experience in assessing security deficiencies in information systems and recommending mitigating controls in a corporate environment.

• BSc/MSc or equivalent experience in Computer Science, Information Systems, Engineering, Cybersecurity or related field.
• Experience in technical challenge and validation of controls and features effectively analyzing risk, compliance, and maturity within the context of business, and technology problems.
• Experience in effectively analyzing risk, compliance, and maturity within the context of business, and technology problems.
• Industry qualification (CISSP / CISA or similar)