Senior Staff Analyst, GRC

The Mozilla Corporation is wholly owned by the non‑profit 501(c) Mozilla Foundation. This means we aren’t beholden to any shareholders — only to our mission. Along with thousands of volunteer contributors and collaborators all over the world, Mozillians design, build and distribute open-source software that enables people to enjoy the internet on their terms.About this team and role:The role is part of the Security Function within the broader Mozilla Infrastructure team. The Security team supports Product, Enterprise and GRC functions across the organization aligned with the mission to build a safe & secure internet. This role is responsible for defining, developing and helping implement a Governance, Risk and Compliance framework for both Enterprise and Product verticals. The ideal candidate will be responsible to deliver an integrated framework that aligns security, privacy, regulatory, and risk management initiatives across the organization. The ideal candidate is a collaborative leader with deep domain expertise in information security, regulatory compliance, risk governance, and cross‑functional stakeholder engagement.What you’ll do:Governance : develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives. Lead the creation and enforcement of standards, policies, controls, audits, reporting across various enterprise and product verticals.Risk Mgmt : develop and operationalize a risk assessment and management framework on a periodic basis to enable prioritization and remediation of critical issues. Define and deliver measurable scorecards and metrics to enable data driven decision makingCompliance : ensure compliance with various regulatory standards and frameworks ( ISO, NIST, SOC2, CCPA, GDPR, etc). Lead internal and external audit activities including tracking and resolving deficiencies and remediations.Partner closely with Legal / IT / Finance / Security to align on the GRC program and deliver a cohesive integrated risk management framework.Led defining requirement and reporting (scorecards) of data life cycle management across enterprise and product domains working with data platform and legal team.What you’ll bring:10+ years of progressive experience in developing and delivering an integrated GRC frameworkStrong understanding and deep knowledge of regulatory frameworks, processes and tools related to building a robust GRC frameworkExperience leading and delivering cross functional requirements for product & enterprise teams to implement controls and measures to meet compliance requirementsHands‑on understanding of using various technology and tools (SEIM, BI Tools, )Ability to develop Root Cause Analysis (RCA) and remediation plans to resolve risk deficiencies working with respective stakeholder teams.Strong critical thinking skills with the ability to drive long term organizational impactA background that demonstrates a bias for action and the ability to navigate constraints in order to achieve business outcomesAbility to collaborate and influence a diverse group of stakeholders to address cross‑functional challenges and lead changeWhat you’ll get:Generous performance‑based bonus plans to all eligible employees - we share in our success as one teamRich medical, dental, and vision coverageGenerous retirement contributions with 100% immediate vesting (regardless of whether you contribute)Quarterly all‑company wellness days where everyone takes a pause togetherCountry specific holidays plus a day off for your birthdayOne‑time home office stipendQuarterly well‑being stipendConsiderable paid parental leaveEmployee referral bonus programOther benefits (life/AD&D, disability, EAP, etc. - varies by country)About MozillaWhen you work at Mozilla, you give yourself a chance to make a difference in the lives of web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the web as the platform and help create more opportunity and innovation for everyone online. We’re not a normal tech company. The things we create prioritize people and their privacy over profits. We exist to make the internet a healthier, happier place for everyone.Commitment to diversity, equity and inclusionMozilla believes in the value of diverse creative practices and forms of knowledge, and knows diversity, equity and inclusion are crucial to and enrich the company’s core mission. We encourage applications from everyone, including members of all equity‑seeking communities, such as (but not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities and expressions.We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at hiringaccommodation@mozilla.com to request accommodation.We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws. Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.At Mozilla, we’re serving humanity—by maintaining a safe, open internet—while also helping the individual humans employed here to reach their personal and professional goals. With a relatively small team serving hundreds of millions of people, a culture of exploration, and a commitment to mentorship, opportunities abound to learn and grow at Mozilla.Purpose is built into our work, with our mission driving every decisionWe challenge assumptions, the status quo, ourselves, and each otherWe are transparent: in our code, our business partnerships, and our everyday interactionsWe seek out people from diverse backgrounds and with perspectives different from our ownWe pair purpose with performance and put people ahead of profitOur impact is global1000+ paid staff from over 30 countriesThousands of volunteer contributors across six continents2 global offices: Berlin and Toronto9 coworking space locations: San Francisco, San Mateo, London, Paris, Portland, Tulsa, Vancouver, Chicago, and BellevueHundreds of home offices globallyOur benefits are world‑classFlexible work environment (majority of Mozillians work remotely)Industry‑leading paid parental leave (up to 26 weeks of fully paid leave for childbearing parents and up to 12 weeks for non‑childbearing parents)Reimbursement for professional development (up to $3,000/year)A work setup including the latest hardware and software of your choice #J-18808-Ljbffr