Manager, Security Assurance

We are creating an operationally effective and highly efficient "service of common concern" for all Integrity, Security, Support, and Operations (ISSO) Governance, Risk, and Compliance (GRC) needs, ensuring Integrity, Security, Support, and Operations continue to meet global regulatory requirements and manage risk.Meta's ISSO GRC is the central engine driving risk management and compliance at the company, supporting Meta and the family of apps. We're seeking deeply experienced, integrity and security leadership talent to help enable and safeguard Meta's products and services which have a truly global scale. ISSO GRC is simultaneously responsible for, (a) enabling the business to achieve its goals at scale and pace (b) safeguarding the business against real world security risks and (c) addressing the regulatory scrutiny the business faces. Our goal is to make Meta the premier place to work for governance, risk, compliance, security, and integrity professionals. We are seeking an experienced Manager with deep knowledge of risk management, compliance, and Meta Security functions who will help ensure the company meets regulatory risk assessment requirements and obligations. You will build out and provide leadership and direction to the Security Assurance team and oversee the design, implementation, monitoring, and ongoing improvements of Meta's Security Assurance program. You will have strong executive communication and influencing skills, in order to effectively explain complex compliance issues and updates in a digestible manner to senior leadership and key stakeholders across product, policy, operations, and legal. The ideal candidate has experience working in ambiguous and fast-changing environments, with the ability to pivot quickly and effectively as required, bringing your team along to remain aligned on key priorities, deliverables, and changes to the regulatory landscape affecting Meta. Candidates should have knowledge/expertise in one or more of the following areas: audit, assurance, data security, policy management, risk management, issue & exception management, and governance & reporting.

• Provide vision, oversight, and guidance on all work related to the global Security Assurance team.
• Establish team goals, priorities, and KPIs
• as well as operating models and standards and ensure team members understand program goals and are able to effectively able prioritize and execute on deliverables.
• Provide thought leadership and drive structure for the broader ISSO GRC function, as well as for the team.
• Facilitate communication and collaboration with XFN partners
• ensuring roles, responsibilities, and deliverables are clear between the Security Assurance team and multiple XFN partners to drive impact and work toward mutual goals.
• Engage with internal audit and internal technical and non-technical teams to develop a working relationship and provide concise and accurate regulatory and audit responses when requested.
• Provide updates to senior management and leadership
• facilitating escalations, decision support, and removal of blockers when necessary.
• Share relevant expertise with the Assurance team by providing them with the necessary support and training.
• Evaluate methods to streamline risk assessment approaches and methodologies, improve control testing activities, and enhance control monitoring.
• Implement maturity frameworks across multiple programs factoring in emerging regulations and proactive detection of risks.
• Support business travel on an as needed basis (up to 10%).

• Bachelor's Degree in technical or business discipline or related experience.
• 10+ years of experience in information security, cybersecurity, transparency reporting, integrity, and/or technology risk including one or more domains (e.g., access management, vulnerability management, change management, business continuity, application security, asset management).
• 5+ years experience managing a diverse, dispersed team.
• 5+ years of experience in effectively analyzing data and programs for security risk, compliance, and maturity.
• Knowledge of industry risk frameworks and best practices (COSO, ISO, NIST).
• Communication skills, with proven success influencing a variety of audiences including senior leadership across both technical and non-technical teams.

• Advanced degree and/or certification.
• Advanced program management skills including planning, organizing, pre-empting risks/blockers, and communicating with stakeholders to deliver successful programs or projects, while operating with minimal guidance.
• Experience moving seamlessly from strategy to execution and delivering tangible results.