Governance Risk & Compliance Lead

Los Angeles, CA; San Francisco, CA; New York, NY


🚀 Whatnot

Whatnot is the largest livestream shopping platform in North America and Europe to buy, sell, and discover the things you love. We’re building the future of ecommerce, bringing together community, shopping and entertainment. We are committed to our values, and as a remote co-located team, we operate out of hubs within the US, UK, Ireland, Poland, and Germany today.

We’re innovating in the fast-paced world of live auctions, from fashion, beauty, and electronics to collectibles like trading cards, comic books, and even live plants. Whatnot has something for everyone.

And, we’re growing. Whatnot has been one of the fastest growing marketplaces and we’re hiring forward-thinking problem solvers across all functional areas.

💻 Role

A successful candidate will be responsible for developing and managing a comprehensive security governance, risk, and compliance program, and will:

  • Evaluate existing security policies and procedures and recommend improvements.
  • Ensure compliance with security and privacy standards such as ISO 27001, SOC2, PCI, and GDPR/CCPA.
  • Create and maintain security awareness and training programs.
  • Conduct security risk assessments and develop risk mitigation plans.
  • Own security program reporting, metrics and dashboards for presentations to senior level leadership in the areas of security governance, risk management, security awareness, and third-party risk management.

Team members in this role are required to be within commuting distance of our Los Angeles, CA, San Francisco, CA, or New York, NY hubs.

👋 You

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact go a long way here.

As our Governance, Risk, & Compliance Lead, you should have 8+ years of relevant experience in security governance, risk, and compliance, preferably in a tech startup environment, plus:

  • A Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Deep knowledge of security best practices and industry standards, such as ISO 27001, SOC2, PCI, and GDPR/CCPA.
  • Experience at a Big 4 firm or similar reputable audit firm.
  • Experience in supporting complex third-party audit projects in a cloud-centric environment, with a strong aptitude to understand emerging technologies to ensure regulatory and compliance requirements are met.
  • Excellent written communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation and effectiveness of cybersecurity controls with product and business leaders.

💰 Compensation

$180,000/year to $230,000/year + benefits + equity

The salary range may be inclusive of several levels that would be applicable to the position. Final salary will be based on a number of factors, including level, relevant prior experience, skills, and expertise. This range is only inclusive of base salary, not benefits (more details below) or equity.

🎁 Benefits

  • Flexible Time off Policy and Company-wide Holidays (including a spring and winter break)
  • Health Insurance options including Medical, Dental, Vision
  • Work From Home Support
    • Home office setup allowance
    • Monthly allowance for cell phone and internet
  • Care benefits
    • Monthly allowance on both food and wellness
    • Annual allowance towards Childcare
    • Lifetime benefit for family planning, such as adoption or fertility expenses
  • Retirement: 401k offering for Traditional and Roth accounts in the US (employer match up to 4% of base salary) and Pension plans internationally
  • Monthly allowance to dogfood the app
  • Parental Leave
    • 16 weeks of paid parental leave + one month gradual return to work (company leave allowances run concurrently with country leave requirements, which take precedence)

💛 EOE

Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.


Tags: CCPA Cloud Compliance Computer Science E-commerce Ecommerce GDPR Governance ISO 27001 Privacy Risk assessment Risk management Security assessment SOC 2

Perks/benefits: 401(k) matching Cell phone stipend Equity / stock options Fertility benefits Flex vacation Health care Home office stipend Insurance Medical leave Parental leave Startup environment Wellness

Region: North America
Country: United States
