Facebook Governance, Risk & Compliance Program Manager in Des Moines, Iowa
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.
Enterprise Engineering (EE) is looking for a Governance, Risk & Compliance (GRC) Program Manager for the GRC practice within the Business Operations Pillar. Business Operations enables cross-functional collaboration between EE pillars and our partners across the company, increases transparency on important topics, clarifies the EE strategy, boosts our brand by highlighting our people, product and engineering successes, and creates frameworks and processes to make us a more efficient organization. The GRC Program Manager would be part of a team that focuses on reducing the overall risk in the EE environment. This person should be able to understand and implement multi-faceted risk frameworks, assisting our business partners with making balanced decisions between risk exposure, growth, and innovation. This person should also be able to devise mechanisms to proactively identify, mitigate, and monitor risks by working with many cross-functional teams within Enterprise Engineering and at Facebook.
Continuously identify & assess risks to EE’s critical processes and assets through various technical and non-technical channels (i.e., security vulnerabilities, audits/assessments, and operational incidents)
Mature and automate repeatable processes to inventory, prioritize, manage, remediate, and monitor risks within the Enterprise Engineering environment
Manage a highly matrixed and fast-moving environment, including developing and socializing operating models to optimize risk and compliance engagement within EE and across FB enterprise
Serve as an interpreter and liaison between EE and enterprise SME teams, helping EE efficiently and comprehensively navigate the complexities of risk and compliance
Manage the data, technology, and automation platforms that drive key risk and performance reporting and insights
Demonstrate a strong understanding of risk management by navigating challenging conversations with leadership teams and driving risk-based decision making and accountability for those decisions
Develop quantitative risk and threat models to drive risk reporting and business prioritization
Stay abreast of the latest industry trends and events that impact the security or regulatory environment of EE
10+ years working experience in Information and Physical Security, Internal Audit, Data Privacy, or other Governance, Risk & Compliance Fields
Experience moving technical or business driven projects from inception to delivery, and experience articulating the impact using metrics, growth examples, return, etc.
5+ years experience working within an IT or Technology organization with practical experience in implementing IT risk frameworks, controls, and methodologies
Experience in the areas of risks and controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure and social media
CISSP, CISA, CISM, CRISC, CIPP, or similar industry certification(s)
Deep knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, GDPR)
Experience with interpreting and implementing data privacy and protection regulatory requirements at scale
Experience with managing GRC products and implementations, including developing relevant business, technical, and data requirements
Experience creating and utilizing KPIs and KRIs, including dashboarding with data visualization tools
Experience in complex, matrixed environments and experience navigating a constantly changing business
Strong communication and organizational skills and experience distilling complex risk data into impactful messaging for non-technical leadership teams
Experience discerning business relevant risk associated with technology control deficiencies
Program and project management experience with process and organizational change implementation
Self-starter, experience working independently and as part of a team
Strong analytical, research, and problem solving skills with a keen attention to detail
Equal Opportunity: Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Facebook is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at email@example.com.