Director, GRC & Privacy Security Job at Polymarket, New York, NY

R3JHL211aTBNMDZDa2RQbHY5dUVYU2VXWWc9PQ==
  • Polymarket
  • New York, NY

Job Description

About Polymarket

Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future.

We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.

About the Role

Polymarket is hiring a Director of GRC & Privacy to build and lead the governance, risk, and compliance function within our security organization. As a high-growth fintech operating across multiple jurisdictions with several subsidiary entities, we carry compliance obligations spanning PCI-DSS, SOC 2 Type II, data privacy regulations, and financial services requirements — and this role will establish the GRC program from scratch.

This is a senior, high-visibility role reporting directly to the CISO. You'll hire and develop a team of three and serve as the primary interface between security, legal, finance, and external auditors and regulators. It requires equal fluency in regulatory requirements, risk management frameworks, and executive communication.

What You'll Do

  • Build and own the enterprise security risk management program — risk register, risk appetite framework, risk scoring methodology, and regular reporting to the CISO and executive leadership
  • Establish and maintain the security control framework, mapping controls to applicable standards (SOC 2 TSCs, PCI-DSS, CIS Controls) across all entities and subsidiaries
  • Drive security policy development and lifecycle management — authoring, reviewing, approving, and enforcing policies across the organization
  • Lead the company's security committee and governance forums, ensuring risk decisions are documented, escalated appropriately, and tracked to resolution
  • Own the end-to-end compliance program for SOC 2 Type II and PCI-DSS — scoping, control design, evidence collection, auditor management, and remediation tracking
  • Build continuous audit readiness rather than a point-in-time posture; automate compliance evidence collection where possible
  • Manage relationships with external auditors, certification bodies, and regulators; serve as the primary point of contact for audit engagements across all entities
  • Own the third-party risk management program — vendor security assessments, contractual security requirements, ongoing monitoring, and escalation of high-risk findings
  • Oversee the data privacy program in partnership with Legal, ensuring compliance with GDPR, CCPA, and applicable regulations across all jurisdictions where the company operates
  • Ensure privacy-by-design is embedded in the product development process and that data processing activities are documented, lawful, and consistent with stated privacy notices
  • Manage data subject rights obligations and privacy incident response, including breach notification requirements under applicable law

What We're Looking For

  • 8+ years of experience in GRC, information security compliance, or a related field, with 3+ years in a management or program leadership role
  • Deep, hands-on experience with SOC 2 Type II — you have managed or led multiple audit cycles and understand the TSCs, evidence requirements, and auditor dynamics from the inside
  • Strong working knowledge of PCI-DSS v4.0 and experience implementing or managing PCI compliance programs
  • Demonstrated experience managing compliance across multiple legal entities or subsidiaries with overlapping and distinct regulatory obligations
  • Experience building or significantly maturing a GRC program — not just maintaining one someone else built
  • Working knowledge of GDPR and CCPA and the operational requirements they impose on a data-handling business
  • Ability to communicate risk and compliance requirements clearly to technical teams, business stakeholders, and executive leadership
  • Experience managing external auditor relationships and serving as the primary organizational point of contact during audit engagements
  • (Plus) Experience in fintech, payments, cryptocurrency, or financial services — familiarity with money transmitter licensing or FinCEN obligations is a meaningful plus
  • (Plus) Professional certifications: CISM, CRISC, CISSP, CIPP/E, CIPP/US, or equivalent
  • (Plus) Exposure to ISO 27001, CIS, or NIST CSF as additional compliance frameworks
  • (Plus) Experience with GRC platforms (Vanta, Drata, Tugboat Logic, ServiceNow GRC, or equivalent)
  • (Plus) Familiarity with AWS cloud environments and how cloud-native architectures affect control design and evidence collection
  • (Plus) Prior experience standing up a GRC function in a high-growth, previously unstructured environment

Benefits

  • Competitive salary & equity
  • Unlimited PTO
  • Full Health, Vision, & Dental coverage
  • 401k match
  • Hardware setup: new MacBook Pro, big display, & accessories

Job Tags

Remote job, Full time

Similar Jobs

Avera Medical Group Family Health Center

Medical Laboratory Scientist - Family He... Job at Avera Medical Group Family Health Center

 ...Job Description Avera Medical Group Family Health Center Laboratory Sioux Falls , SD Full Time Night Shift Varied Shifts...  ...about opportunities in the lab: I completed a six-month internship in the Avera McKennan laboratory while completing my degree. One... 

CBH Homes

Contracts Transaction Coordinator Job at CBH Homes

 ...keeping things organized, supporting others, and creating a smooth customer experience? CBH Homes is looking for a Contracts Transaction Coordinator to help guide buyers through the homebuying journey while supporting our Sales Team behind the scenes. This role is... 

Ad Astra, Inc.

Spanish In-Person Interpreter Job at Ad Astra, Inc.

 ...Spanish speaker ready to use your bilingual skills in a meaningful, in-person role? We are currently seeking Spanish In-Person Interpreters to join our growing freelance team. In this role, you will serve as a vital link between our clients and the communities they... 

Confidential

ON SITE CALL CENTER - CUSTOMER SERVICE REP. Job at Confidential

 ...performing team? Randstad is looking for dynamic, customer-focused individuals to support our client call center in Harrisburg PA. If you have at least one year...  ...Weekends!) Key Responsibilities: Exceptional Service: Resolve customer issues efficiently while... 

Clough AMEC.

Industrial Cleaner / Bus Driver Job at Clough AMEC.

 ...talented workforce who share in our passion for projects. Who you are Your role will include: Facility cleaning Bus driving and cleaning Airport runs Contractor shift changes Must be able to drive 55-seater buses What you will bring to the team/...