Compliance Manager, Customer Trust and Third Party Risk

Compliance Manager, Customer Trust and Third Party Risk at Figma

Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!

The Compliance Manager, Customer Trust and Third Party Risk will be responsible for leading third-party vendor reviews and advancing customer trust initiatives. The role is divided equally between performing vendor assessments and collaborating with internal stakeholders to ensure clear communication of our security posture and timely resolution of customer security and compliance inquiries.

This is a full time role that can be held from our SF, Seattle, or NY hub.

What you’ll do at Figma:

• Conduct and maintain third-party vendor security assessments, monitor ongoing vendor risk, and track remediation efforts to ensure alignment with internal policies and standards
• Partner with Procurement, Legal, Contracts, and Security teams to embed appropriate risk and compliance controls into vendor agreements and support negotiations or escalations
• Develop and maintain reporting and metrics that provide leadership visibility into vendor and third-party risk posture
• Coordinate timely, accurate responses to customer security questionnaires, audits, and other trust-related inquiries by collaborating with IT, Legal, Security, Sales, and Customer Success
• Prepare, present, and maintain security documentation and reports that demonstrate the organization’s security and compliance commitments
• Manage customer audits and risk assessments, proactively identifying and addressing customer-raised risks or concerns
• Create, centralize, and scale security assurance content and evidence, continuously improving processes to enhance customer trust and support sales acceleration

What we're looking for:

• Strong understanding of security frameworks and standards (e.g., ISO 27001, NIST, SOC 2)
• Excellent communication and interpersonal skills, with the ability to convey complex security concepts to non-technical audiences
• Experience in responding to security questionnaires and managing customer audits
• Strong organizational and project management skills
• Ability to build and maintain strong customer relationships

Bonus points if you have:

• Experience with audit tools, GRC platforms, and automation technologies
• Ability to work efficiently and independently in a fast-paced, high-volume environment
• CISA, CRISC, and CISSP certifications

Key skills/competency

• Third-party risk management
• Vendor security assessments
• Customer trust initiatives
• Security posture communication
• Compliance controls
• Security frameworks (ISO 27001, NIST, SOC 2)
• Security questionnaires
• Customer audits
• GRC platforms
• Project management