Role Overview
Polymarket is hiring a Director, GRC & Privacy Security. This is a full-time remote role, with the team based in New York. posted 3 weeks ago. Full responsibilities, required qualifications, and the apply link are listed in the description below.
Resume Keywords to Include
Make sure these keywords appear in your resume to improve ATS scoring
Job description
ABOUT POLYMARKET
Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future.
We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.
ABOUT THE ROLE
Polymarket is hiring a Director of GRC & Privacy to build and lead the governance, risk, and compliance function within our security organization. As a high-growth fintech operating across multiple jurisdictions with several subsidiary entities, we carry compliance obligations spanning PCI-DSS, SOC 2 Type II, data privacy regulations, and financial services requirements — and this role will establish the GRC program from scratch.
This is a senior, high-visibility role reporting directly to the CISO. You'll hire and develop a team of three and serve as the primary interface between security, legal, finance, and external auditors and regulators. It requires equal fluency in regulatory requirements, risk management frameworks, and executive communication.
WHAT YOU'LL DO
- Build and own the enterprise security risk management program — risk register, risk appetite framework, risk scoring methodology, and regular reporting to the CISO and executive leadership
- Establish and maintain the security control framework, mapping controls to applicable standards (SOC 2 TSCs, PCI-DSS, CIS Controls) across all entities and subsidiaries
- Drive security policy development and lifecycle management — authoring, reviewing, approving, and enforcing policies across the organization
- Lead the company's security committee and governance forums, ensuring risk decisions are documented, escalated appropriately, and tracked to resolution
- Own the end-to-end compliance program for SOC 2 Type II and PCI-DSS — scoping, control design, evidence collection, auditor management, and remediation tracking
- Build continuous audit readiness rather than a point-in-time posture; automate compliance evidence collection where possible
- Manage relationships with external auditors, certification bodies, and regulators; serve as the primary point of contact for audit engagements across all entities
- Own the third-party risk management program — vendor security assessments, contractual security requirements, ongoing monitoring, and escalation of high-risk findings
- Oversee the data privacy program in partnership with Legal, ensuring compliance with GDPR, CCPA, and applicable regulations across all jurisdictions where the company operates
- Ensure privacy-by-design is embedded in the product development process and that data processing activities are documented, lawful, and consistent with stated privacy notices
- Manage data subject rights obligations and privacy incident response, including breach notification requirements under applicable law
WHAT WE'RE LOOKING FOR
- 8+ years of experience in GRC, information security compliance, or a related field, with 3+ years in a management or program leadership role
- Deep, hands-on experience with SOC 2 Type II — you have managed or led multiple audit cycles and understand the TSCs, evidence requirements, and auditor dynamics from the inside
- Strong working knowledge of PCI-DSS v4.0 and experience implementing or managing PCI compliance programs
- Demonstrated experience managing compliance across multiple legal entities or subsidiaries with overlapping and distinct regulatory obligations
- Experience building or significantly maturing a GRC program — not just maintaining one someone else built
- Working knowledge of GDPR and CCPA and the operational requirements they impose on a data-handling business
- Ability to communicate risk and compliance requirements clearly to technical teams, business stakeholders, and executive leadership
- Experience managing external auditor relationships and serving as the primary organizational point of contact during audit engagements
- (Plus) Experience in fintech, payments, cryptocurrency, or financial services — familiarity with money transmitter licensing or FinCEN obligations is a meaningful plus
- (Plus) Professional certifications: CISM, CRISC, CISSP, CIPP/E, CIPP/US, or equivalent
- (Plus) Exposure to ISO 27001, CIS, or NIST CSF as additional compliance frameworks
- (Plus) Experience with GRC platforms (Vanta, Drata, Tugboat Logic, ServiceNow GRC, or equivalent)
- (Plus) Familiarity with AWS cloud environments and how cloud-native architectures affect control design and evidence collection
- (Plus) Prior experience standing up a GRC function in a high-growth, previously unstructured environment
BENEFITS
- Competitive salary & equity
- Unlimited PTO
- Full Health, Vision, & Dental coverage
- 401k match
- Hardware setup: new MacBook Pro, big display, & accessories
About Polymarket
Polymarket
40 other open roles at Polymarket on TryApplyNow.
Frequently Asked Questions
How do I apply for the Director, GRC & Privacy Security position at Polymarket?
Use the Apply button above to submit your application directly to Polymarket. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.
Is the Director, GRC & Privacy Security role at Polymarket remote?
Yes. This is a remote role. The team is based in New York, but the position itself does not require relocating to that office.
What does a Director, GRC & Privacy Security at Polymarket earn?
Polymarket has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.
When was the Director, GRC & Privacy Security role at Polymarket posted?
This role was posted on June 18, 2026 (22 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.
How much experience does the Director, GRC & Privacy Security role at Polymarket require?
This is a senior-level position. Most senior roles call for 5+ years of directly relevant experience. Polymarket lists their specific requirements in the description below, so review the must-have qualifications closely before applying.
More Jobs at Polymarket
View all →AI-powered job search
Get every job scored to your resume
Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.
Get started freeNo credit card to start