Facebook Governance, Risk & Compliance Program Manager in Des Moines, Iowa


Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.


Enterprise Engineering (EE) is looking for a Governance, Risk & Compliance (GRC) Program Manager for the GRC practice within the Business Operations Pillar. Business Operations enables cross-functional collaboration between EE pillars and our partners across the company, increases transparency on important topics, clarifies the EE strategy, boosts our brand by highlighting our people, product and engineering successes, and creates frameworks and processes to make us a more efficient organization. The GRC Program Manager would be part of a team that focuses on reducing the overall risk in the EE environment. This person should be able to understand and implement multi-faceted risk frameworks, assisting our business partners with making balanced decisions between risk exposure, growth, and innovation. This person should also be able to devise mechanisms to proactively identify, mitigate, and monitor risks by working with many cross-functional teams within Enterprise Engineering and at Facebook.

Required Skills:

  1. Continuously identify & assess risks to EE’s critical processes and assets through various technical and non-technical channels (i.e., security vulnerabilities, audits/assessments, and operational incidents)

  2. Mature and automate repeatable processes to inventory, prioritize, manage, remediate, and monitor risks within the Enterprise Engineering environment

  3. Manage a highly matrixed and fast-moving environment, including developing and socializing operating models to optimize risk and compliance engagement within EE and across FB enterprise

  4. Serve as an interpreter and liaison between EE and enterprise SME teams, helping EE efficiently and comprehensively navigate the complexities of risk and compliance

  5. Manage the data, technology, and automation platforms that drive key risk and performance reporting and insights

  6. Demonstrate a strong understanding of risk management by navigating challenging conversations with leadership teams and driving risk-based decision making and accountability for those decisions

  7. Develop quantitative risk and threat models to drive risk reporting and business prioritization

  8. Stay abreast of latest industry trends and events that impact the security or regulatory environment of EE

Minimum Qualifications:

  1. 10+ years working experience in Information and Physical Security, Internal Audit, Data Privacy, or other Governance, Risk & Compliance Fields

  2. Experience moving technical or business-driven projects from inception to delivery, and experience articulating the impact using metrics, growth examples, return, etc.

Preferred Qualifications:

  1. 5+ years experience working within an IT or Technology organization with practical experience in implementing IT risk frameworks, controls, and methodologies

  2. Experience in the areas of risks and controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure and social media

  3. CISSP, CISA, CISM, CRISC, CIPP, or similar industry certification(s)

  4. Deep knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, GDPR)

  5. Experience with interpreting and implementing data privacy and protection regulatory requirements at scale

  6. Experience with managing GRC products and implementations, including developing relevant business, technical, and data requirements

  7. Experience creating and utilizing KPIs and KRIs, including dashboarding with data visualization tools

  8. Experience in complex, matrixed environments and experience navigating a constantly changing business

  9. Strong communication and organizational skills, and experience distilling complex risk data into impactful messaging for non-technical leadership teams

  10. Experience discerning business-relevant risk associated with technology control deficiencies

  11. Program and project management experience with process and organizational change implementation

  12. Self-starter, experience working independently and as part of a team

  13. Strong analytical, research, and problem-solving skills with a keen attention to detail

Industry: Internet

Equal Opportunity: Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Facebook is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at