Join Figma's GRC team to lead compliance and risk management initiatives in a dynamic and collaborative environment.
Requirements
- Experience
- 4+ years
Benefits
Joblaze summary
In the Governance Risk and Compliance role at Figma, the individual will focus on enhancing security and compliance frameworks while managing audits and risk assessments. Key skills include expertise in frameworks like SOC 2 and ISO 27001, along with strong communication abilities to engage cross-functional teams. This position is ideal for professionals with over four years of experience in information security or compliance, particularly those who thrive in dynamic, high-growth environments. Figma's commitment to building trust with users and partners underscores the importance of this role.
Joblaze insights
- Listed today on Joblaze — tracked directly from Figma's career page.
- Figma has 174 other open roles including Designer Advocate, Marketing Engineer, AI Deployment, Manager, Security Operations.
- 47 active SOC 2 roles on Joblaze right now.
- 40 active ISO 27001 roles on Joblaze right now.
- 40 active GDPR roles on Joblaze right now.
- Salary band is in line with the typical range for Security roles (median ~$168,000).
Quick facts
- Is the Governance Risk and Compliance role remote?
- It's hybrid — Figma expects some on-site time in United States.
- What's the salary range?
- Figma lists $153,000–$296,000 for this role.
- How much experience is required?
- At least 4 years of relevant experience for this Governance Risk and Compliance role.
- Where is the role based?
- Figma is hiring for this position in United States.
- What's the tech stack?
- Joblaze extracted these technologies from the posting: CRISC, CISM, SOC 2, ISO 27001, FedRAMP, Drata.
- What seniority level is this role?
- Figma targets mid-level candidates for this position.
- Is this full-time or contract?
- Full-time for this Governance Risk and Compliance role at Figma.
From the original posting
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!
Figma's GRC team helps build and maintain trust with our users, regulators, business partners, and the organizations that rely on Figma every day. We partner across the company to strengthen security, manage risk, maintain compliance, and scale the programs that support our continued growth.
We're growing our team and looking for security, risk, and compliance professionals across several disciplines. Whether your expertise is in compliance, risk management, governance, GRC tooling, or customer trust, you'll have the opportunity to build programs, improve processes, and help shape how Figma scales security and trust.
Roles we hire for on this team:
- Compliance Management
- Lead compliance and certification programs across security and regulatory frameworks
- Manage audit cycles, partner with external assessors, and drive audit readiness initiatives
- Improve controls, processes, and evidence management practices across the organization
- Security Risk Management
- Build and maintain risk and controls frameworks that support Figma's security posture
- Assess, prioritize, and communicate security risks across the business
- Develop third-party risk management strategies and enterprise risk reporting programs
- Policy & Governance
- Manage the lifecycle of organizational security policies, standards, and procedures
- Drive policy awareness and stakeholder engagement across the company
- Ensure governance practices align with regulatory requirements and business objectives
- GRC Platforms & Enablement
- Select, implement, and optimize GRC platforms and supporting workflows
- Scale evidence collection, reporting, and program management capabilities
- Identify opportunities to automate and streamline GRC operations
- Customer Trust
- Support customer trust and business enablement activities across the sales lifecycle
- Manage security knowledge bases, customer-facing documentation, and trust publications
- Respond to customer security inquiries, audits, and questionnaires
This is a full time role that can be held from one of our US hubs or remotely in the United States.
What you'll do at Figma:
- Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
- Manage external audits and certification activities while partnering with auditors and assessors
- Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
- Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
- Improve control effectiveness and operational efficiency through rationalization and process optimization
- Implement and optimize GRC platforms that scale evidence collection and program management
- Maintain security policies and governance processes that align with organizational risk objectives
- Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications
We’d love to hear from you if you have:
- 4+ years of experience in information security, compliance, risk management, or a related field
- Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
- Experience leading or supporting audits and partnering with external assessors
- Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
- Exceptional written and verbal communication skills across technical, business, and executive audiences
- Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships
While it’s not required, it’s an added plus if you also have:
- Operated in a public company environment with SOX ITGC requirements
- Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
- Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
- Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
- Scaled security, compliance, or risk programs in a high-growth environment
At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.
Pay Transparency Disclosure
If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below.
Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.
Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future.
At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities.
Examples of accommodations include but are not limited to:
- Holding interviews in an accessible location
- Enabling closed captioning on video conferencing
- Ensuring all written communication be compatible with screen readers
- Changing the mode or format of interviews
To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding.
By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.