6 days ago

Senior Security GRC Manager

Discord

On Site
Full Time
$191,000
San Francisco Bay Area

Job Overview

Job Title: Senior Security GRC Manager
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $191,000
Location: San Francisco Bay Area


Job Description

About Discord

Discord is used by over 200 million people every month for many different reasons, but there’s one thing that nearly everyone does on our platform: play video games. Over 90% of our users play games, spending a combined 1.5 billion hours playing thousands of unique titles on Discord each month. Discord plays a uniquely important role in the future of gaming. We are focused on making it easier and more fun for people to talk and hang out before, during, and after playing games.

About the Role

Discord's Legal team is looking for a Senior Security GRC Manager to help build and scale our security compliance program. This role will own our Security Compliance function within GRC, driving certification readiness, policy development, and control documentation and review that keep pace with Discord's growth. You'll work closely with Security, Engineering, IT, and Legal to build systems that make compliance efficient and sustainable—not a box-checking exercise. This role reports to Discord's Senior Director, Product Law.

What you'll be doing:

  • Build and mature Discord's GRC program, including selecting and implementing tooling, defining workflows, and establishing scalable processes for ongoing compliance.
  • Develop and maintain security policies and standards that meet certification requirements while being practical for engineering teams to implement.
  • Plan and lead audit and certification engagements (SOC 2, ISO 27001/27701/42001) and other frameworks as business needs evolve.
  • Design and implement control frameworks with automated testing and evidence collection—building systems that check compliance by default rather than requiring manual effort.
  • Own Discord's security risk register, balancing external and internal inputs, and create frameworks for consistent risk scoring and acceptance decisions.
  • Conduct oversight activities (monitoring, testing, internal audits) and manage reporting of compliance risks to senior leadership and steering committees.
  • Partner cross-functionally to align security frameworks with broader company risk management approaches.

What you should have:

  • 8+ years of experience in security compliance, GRC, or related fields, with demonstrated experience building compliance programs (not just maintaining them).
  • Deep familiarity with common compliance frameworks (SOC 2, ISO 27001, NIST 800-53) and experience leading organizations through certification processes.
  • Experience selecting, implementing, and operationalizing GRC tooling.
  • Strong policy drafting skills with the ability to translate complex requirements into clear, actionable standards.
  • Ability to understand how engineering teams work and how to design controls that integrate into their workflows.
  • Ability to work cross-functionally and influence without authority; comfort operating in a fast-paced environment with competing priorities.
  • A "GRC by default" mindset—you think about how to automate and systematize compliance rather than relying on manual processes.

Bonus Points:

  • Experience with AI safety frameworks or emerging AI compliance requirements (ISO 42001).
  • FedRAMP experience or familiarity with government compliance requirements.
  • Background in consumer technology companies.

Location & Compensation:

Candidates must reside in or be willing to relocate to the San Francisco Bay Area (Alameda, Contra Costa, Marin, Napa, San Francisco, San Mateo, Santa Clara, Solano, and Sonoma counties). Relocation assistance may be available. For this role, the Hiring Manager would like folks to be in the San Francisco office 2-3 days a week. The US base salary range for this full-time position is $180,000 to $202,000 + equity + benefits. Our salary ranges are determined by role and level. Within the range, individual pay is determined by additional factors, including job-related skills, experience, and relevant education or training. Please note that the compensation details listed in US role postings reflect the base salary only and do not include equity or benefits.

Key skills/competency:

  • Security Compliance
  • GRC Program Management
  • SOC 2
  • ISO 27001
  • NIST 800-53
  • Policy Development
  • Risk Management
  • Audit Leadership
  • Security Automation
  • Cross-functional Collaboration

Tags:

Senior Security GRC Manager
Security Compliance
GRC Program Management
Audit Leadership
Policy Development
Risk Management
Certification Readiness
Control Automation
Cross-functional Collaboration
Compliance Reporting
Framework Implementation
SOC 2
ISO 27001
NIST 800-53
GRC Tooling
ISO 42001
FedRAMP
Risk Register
Security Controls
Automated Testing
Evidence Collection

How to Get Hired at Discord

  • Research Discord's culture: Study their mission around gaming and connection, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume: Highlight extensive experience building, not just maintaining, GRC programs and expertise in SOC 2, ISO 27001, and NIST 800-53.
  • Showcase GRC automation skills: Emphasize your "GRC by default" mindset, experience with GRC tooling, and ability to design automated controls.
  • Prepare for behavioral interviews: Demonstrate cross-functional collaboration, influence without authority, and comfort in fast-paced environments.
  • Highlight consumer tech experience: If applicable, emphasize background in consumer technology and understanding of user-centric security challenges.
