Incident Response Program Manager

Incident Response Program Manager at Meta

This Incident Response Program Manager role at Meta is responsible for the execution and program management of Incident Response functions within the Risk Oversight pillar of Meta’s Regulatory Compliance Program Organization. This position manages the full lifecycle of product risk incidents, from initial identification through closure, and supports the implementation of enhancements to incident response processes across all risk pillars. The team's scope ensures oversight and accountability for privacy incident outcomes across various Risk Pillars, including privacy, security, integrity, and AI risks.

You will thrive in an ambiguous, cross-functional environment, understanding diverse perspectives, driving progress to manage incidents to closure, and supporting analysis for appropriate remediation. You will also support reporting and informed decision-making across Product and Risk Organization leadership teams.

Incident Response Program Manager Responsibilities:

• Plan and drive cross-functional incident management projects involving Legal, Policy, Communications, Product, and Engineering teams for complex risk incidents across all risk pillars (e.g., privacy, security, integrity, and AI).
• Implement and execute ongoing management of compliance operations for incident management across privacy and other risk pillars, ensuring processes and controls meet regulatory obligations and internal standards.
• Build and maintain relationships with stakeholders across Legal, Product, and Engineering to drive alignment and prioritization of incident management and compliance activities for assigned cases.
• Translate technical and compliance details into clear, actionable communications for wide-ranging audiences, from executives to engineers. Deliver concise updates and recommendations on incident status, compliance posture, and impact to stakeholders and Risk Organization leadership.
• Perform retrospectives to understand the root cause of incidents and support feedback loops to reduce future incidents and improve incident management processes.
• Advise on industry standards related to incident response and risk oversight practices.
• Identify, champion, and implement process improvements to increase the efficiency and effectiveness of incident management and compliance operations.
• Project manage and prioritize work based on urgency and complexity while building operational cadences across technical and operational teams to coordinate work.

Minimum Qualifications:

• 5+ years of experience in program management, consulting, business operations, technical program management, incident management, risk management, compliance management, or other GRC operational discipline.
• 3+ years of experience leading large, technical, cross-functional projects and/or programs.
• 3+ years of direct experience working in corporate privacy incident response or security/privacy compliance functions (e.g., GDPR, CCPA, SOC2).
• 1+ years work experience collaborating directly with technology product management and engineering teams.
• Ability to set priorities, multi-task and work with autonomy in a rapidly changing workplace environment.
• Bachelor’s degree or higher.

Preferred Qualifications:

• 6+ years of work experience in risk and compliance, legal, consulting, business operations or other operational disciplines.
• 4+ years of work experience in technical program and/or project management in collaboration with product management and engineering teams.
• 3+ years of experience working in GRC, regulatory domains like privacy, integrity or security.
• 3+ years of experience working in a role associated with data protection, regulatory response, audit and implementation of control frameworks.
• 1+ years experience using Artificial Intelligence (AI) tools to deliver incident response, GRC or regulatory oriented processes.
• Bachelor's Degree in a related field or equivalent experience.

Key skills/competency:

• Incident Management
• Program Management
• Risk Oversight
• Regulatory Compliance
• Privacy Incident Response
• Cross-functional Collaboration
• GRC Operations
• Process Improvement
• Stakeholder Communication
• AI Risk Management