Cloud Security GRC Specialist

Meta's Security Governance, Risk and Compliance function (Security GRC) serves as the primary hub for Security risk management and compliance across the company, providing support to Meta and its family of apps. Within Security GRC, the Cloud Security GRC function is a horizontal capability providing guidance and direction to first line teams in making Meta’s Cloud platforms secure, available and compliant.
At Meta, we understand the significance of security, data protection, and privacy for the billions of people who use our services. We are committed to ensuring compliance with applicable laws and regulations such as the General Data Protection Regulation (GDPR), the European Electronic Communications Code (EECC), the Network and Information Security Directive (NIS2), and others, while enabling the business to rapidly and securely use appropriate Cloud solutions.
We are currently seeking highly experienced information security professionals to join our Cloud Security Function to continue to develop our Cloud Security GRC capabilities. This role is critical in driving change and ensuring compliance with these and other obligations. As part of this role, you will collaborate closely with engineers, analysts, technical program managers, business stakeholders, legal teams, and risk & compliance teams across the Meta organization.
This role requires a comprehensive understanding of various aspects of information security and the capability to apply this knowledge to solve problems at scale. This role demands a blend of business and technical acumen, demonstrated capability to communicate clearly with a broad range of stakeholders, and a demonstrated desire to learn.
Our goal is to make Meta the premier place to work for governance, risk, compliance, security, and integrity professionals.Cloud Security GRC Specialist Responsibilities

• Lead significant programs of work across various levels of cross-functional teams in Cloud Security and Cloud Governance, Risk and Compliance areas
• Collaborate with team members and stakeholders to understand or identify defined work problems and program goals, obtain prioritized deliverables, and discuss program impact.
• Designing, implementing, and/or assessing security controls and frameworks
• Implement maturity frameworks across multiple programs factoring in emerging regulations and proactive detection of risks.
• Assess and document emerging regulatory impact on established policy and control frameworks
• Identify, communicate, and collaborate with relevant stakeholders within one or more teams to drive impact and work toward mutual goals.
• Establish learnings, best practices, standardized frameworks and tools across GRC and related teams.
• Develop detailed program/project plans in partnership with cross-functional teams
• Identify opportunities for information sharing, process improvement and automation.
• Support business travel on an as needed basis (up to 10%).

Minimum Qualifications

• 17+ years of relevant experience, including:
• At least 8+ years experience in information security and/or technology risk including one or more domains (e.g., access management, vulnerability management, change management, business continuity, application security, asset management).
• Experience of and demonstrable familiarity with key Cloud Security, Risk Management and Compliance concepts
• Several years (5+) of hands on security experience with at least one of the major Cloud Service Providers (AWS, GCP, Azure)
• Experience in a Governance, Risk and Compliance function overseeing Cloud implementations at scale
• Experience in designing and implementing control frameworks
• Experience in assessing security deficiencies in information systems and recommending mitigating controls in a corporate environment
• Familiarity with compliance frameworks and regulatory requirements such as NIST, ISO-27001, ISO27018, SOC2, GDPR, EECC, eDP, NIS2, and other relevant structures.

Preferred Qualifications

• Security industry qualification (CISSP, CISM, CISA or similar)
• Cloud-specific Cloud Certifications (CCSP, AWS Certified Security Specialist, CCSK, etc.)
• BSc/MSc or equivalent in Computer Science, Information Systems, Engineering, Cybersecurity or related field

About Meta Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics.


Equal Employment Opportunity Meta is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. You may view our Equal Employment Opportunity notice here.
Meta is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, fill out the Accommodations request form.