This job might no longer be available.

Director of Governance Risk and Compliance

AppLovin was named one of the Hottest Adtech Companies of 2021 by Business Insider, as well as a Certified Great Place to Work in 2021 and 2022. The San Francisco Business Times and Silicon Valley Business Journal awarded AppLovin one of the Bay Area’s Best Places to Work in 2019, 2020, and 2021. Our team members are regularly recognized for their work and leadership, including recent award wins in Business Insider’s Rising Stars of Adtech 2022, Glassdoor’s Top CEOs 2019, and the 2021 Women in Content Marketing Awards.

The director of governance, risk management, and compliance (GRC) provides leadership and direction for the company’s GRC requirements. The director is responsible for establishing and maintaining the company’s overall IT and security GRC program, as well as for developing and managing a global, enterprise-wide information GRC program. The role includes implementation and maintenance of policies, as well as a comprehensive controls framework with global third-party risk management, business continuity management and data privacy knowledge. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business-critical. The GRC program is led by the director, who reports to the company's Head of Information Security and Compliance.

Responsibilities

• Direct and conduct ongoing risk analysis organization-wide.
• Build and lead a program dedicated to an ongoing security maturation program, where areas of strength are amplified and areas needing improvement are documented.
• Emphasize privacy, security, business resiliency and compliance frameworks.
• Document, communicate and enforce areas of security improvement that balance risk with business operations, as well as ensure controls are not weakening efficiencies or business innovation.
• Establish and maintain a strategy for managing security-related audits, compliance checks, data privacy laws and external assessment processes for auditors, including but not limited to, the EU’s General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), ISO 27001, Gramm-Leach-Bliley Act (GLBA), Service Organization Controls (SOC) 2, California Consumer Privacy Act (CCPA) and other applicable industry standards.
• Create strong oversight with third parties, vendors and business partners.
• Partner with the Data Privacy team to ensure key data is labeled and protected.
• Act as a key point of contact when risk is identified to raise awareness with security management and business unit leads on a risk reduction plan.
• Play a key role in the vendor risk assessment process and ensure all business units follow and uphold process rigor.
• Partner with business units when onboarding solutions to ensure adequate controls are available and enabled in production.
• Oversee findings brought forward through team analysis, requiring thorough documentation and recommendations to report to security leadership where gaps exist.
• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Effectively communicate knowledge of GRC controls across business units with a focus on, but not limited to, company practices, procedures, third-party integrations, product development and financials.
• Provide leadership for disaster recovery and business continuity as they relate to security frameworks, compliance and privacy laws.

Requirements

• 10+ years of cybersecurity or information technology practitioner and management experience.
• CISSP, CISM, CISA, CRISC are preferable, but not required.

AppLovin is an equal opportunity employer and considers qualified applicants without regard to race, gender, sexual orientation, gender identity or expression, genetic information, national origin, age, disability, medical condition, religion, marital status or veteran status, or any other basis protected by law.