Whatnot

Governance Risk & Compliance Lead

🌎

Los Angeles, CA, San Francisco, New York, NY

1d ago

Job Description

Remote

🚀 Join the Future of Commerce with Whatnot! 

Whatnot is the largest livestream shopping platform in North America and Europe to buy, sell, and discover the things you love. We’re re-defining e-commerce by blending community, shopping, and entertainment into a community just for you. As a remote co-located team, we’re inspired by innovation and anchored in our values. With hubs in the US, UK, Ireland, Poland, and Germany, we’re building the future of online marketplaces—together.

From fashion, beauty, and electronics to rare collectibles like trading cards, comic books, and even live plants, our live auctions have something for everyone.

And we’re just getting started! As one of the fastest growing marketplaces, we’re looking for bold, forward-thinking problem solvers across all functional areas. Check out the latest Whatnot updates on our news and engineering blogs and join us as we enable anyone to turn their passion into a business, and bring people together through commerce.

💻 Role

Whatnot's Security GRC team is dedicated to building trust with regulators, customers, employees, and investors by demonstrating commitment to industry standards and continuous improvement. We defend and protect our users' data and information as if it were our own. As part of the Security GRC team, you can expect to be responsible for:
  • Reviewing and implementing secure configurations across various tools like Okta, Terraform, AWS, Lumos, Cloudflare, and GitHub.
  • Developing security requirements for partner teams and driving progress towards the execution of those requirements.
  • Preparing for and running our external security audits.
  • Shaping the strategic direction of the Security GRC team.

Team members in this role are required to be within commuting distance of our Los Angeles, CA, San Francisco, CA, or New York, NY hubs.

👋 You

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact go a long way here.

As our Governance, Risk, & Compliance Lead, you should have a minimum of 8+ years of relevant experience in security governance, risk, and compliance, preferably in a tech startup environment, plus:

  • A Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Deep knowledge of security best practices and industry standards, such as ISO 27001, SOC 2, PCI, and GDPR/CCPA.
  • Experience at a Big 4 firm or similar reputable audit firm.
  • Experience in supporting complex third-party audit projects in a cloud-centric environment, with a strong aptitude to understand emerging technologies to ensure regulatory and compliance requirements are met.
  • Excellent written communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation and effectiveness of cybersecurity controls with product and business leaders.

💰 Compensation

$180,000/year to $230,000/year + benefits + equity

The salary range may be inclusive of several levels that would be applicable to the position. Final salary will be based on a number of factors, including level, relevant prior experience, skills, and expertise. This range is only inclusive of base salary, not benefits (more details below) or equity.

🎁 Benefits 

  • Flexible Time off Policy and Company-wide Holidays (including a spring and winter break)
  • Health Insurance options including Medical, Dental, Vision
  • Work From Home Support
    • Home office setup allowance
    • Monthly allowance for cell phone and internet
  • Care benefits
    • Monthly allowance for wellness
    • Annual allowance towards Childcare
    • Lifetime benefit for family planning, such as adoption or fertility expenses
  • Retirement; 401k offering for Traditional and Roth accounts in the US (employer match up to 4% of base salary) and Pension plans internationally
  • Monthly allowance to dogfood the app
  • Parental Leave
    • 16 weeks of paid parental leave + one month gradual return to work *company leave allowances run concurrently with country leave requirements which take precedence.

💛 EOE 

Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.
