Security Compliance Lead
2 weeks ago
Faire is an online wholesale marketplace built on the belief that the future is local - independent retailers around the globe are doing more revenue than Walmart and Amazon combined, but individually, they are small compared to these massive entities. At Faire, we're using the power of tech, data, and machine learning to connect this thriving community of entrepreneurs across the globe. Picture your favorite boutique in town - we help them discover the best products from around the world to sell in their stores. With the right tools and insights, we believe that we can level the playing field so that small businesses everywhere can compete with these big box and e-commerce giants.
By supporting the growth of independent businesses, Faire is driving positive economic impact in local communities, globally. We're looking for smart, resourceful and passionate people to join us as we power the shop local movement. If you believe in community, come join ours.
About the role
As Faire's inaugural GRC Lead, you will be responsible for designing, implementing, and scaling our governance, risk, and compliance program from the ground up. This role blends strategic planning with hands-on execution to establish the frameworks, processes, and controls that strengthen our security, privacy, and compliance posture.
You will work closely with teams across engineering, IT, legal, and finance to integrate risk management into everyday operations, ensure alignment with regulatory and industry standards, and support Faire's evolving business and product needs.
In addition to building the core GRC program, you will lead our preparation for SOX ITGC readiness by collaborating with internal partners and external auditors to define scope, document controls, and enhance our audit processes. This role is ideal for someone who enjoys building programs from the ground up, can navigate both technical and compliance challenges, and is eager to shape how Faire manages risk at scale.
What You'll Do:
- Formulate and drive GRC roadmap, policies, vendor security reviews, and employee awareness training.
- An opportunity to expand into the SOX ITGC program
- Develop and maintain a robust governance framework to support Faire's strategic objectives and ensure alignment with industry best practices.
- Ensure adherence to applicable laws, regulations, and standards (e.g. CCPA / GDPR).
- Develop and deliver GRC training programs for employees to promote a culture of accountability and awareness.
- Partner with external auditors to achieve security compliance certifications and reports.
- Regularly report on status, operational metrics, and KPIs, providing transparency to company leadership and internal stakeholder teams.
- Drive compliance certifications including ISO 27001, CCPA, GDPR, and SOC2 Type II.
- 8+ years in the Security & IT Governance, Risk, and Compliance space
- Big 4 experience with security risk and compliance audits, or equivalent experience leading security compliance teams in financial services, technology firms, or other regulated industries.
- Hungry to expand outside typical GRC scope, assisting with SOX ITGCs.
- Experience in building policies and processes, and completing audits within the following frameworks: ISO 27001, SOC2 Type II.
- Proficiency with GRC tools and technologies used to manage risk and compliance programs
- Ability to collaborate cross-functionally, including engineering, sales, legal, finance, and other teams.
- Strong oral and written communication skills.
- Strong analytical and result-driven mindset.
California: the pay range for this role is $178,000 to $245,000 per year.
This role will also be eligible for equity and benefits. Actual base pay will be determined based on permissible factors such as transferable skills, work experience, market demands, and primary work location. The base pay range provided is subject to change and may be modified in the future.
Hybrid Faire employees currently go into the office 2 days per week on Tuesdays and Thursdays. Effective starting in January 2026, employees will be expected to go into the office on a third flex day of their choosing (Monday, Wednesday, or Friday). Additionally, hybrid in-office roles will have the flexibility to work remotely up to 4 weeks per year. Specific Workplace and Information Technology positions may require onsite attendance 5 days per week as will be indicated in the job posting.
Applications for this position will be accepted for a minimum of 30 days from the posting date.
Why you'll love working at Faire
- We are entrepreneurs: Faire is being built for entrepreneurs, by entrepreneurs. We believe entrepreneurship is a calling and our mission is to empower entrepreneurs to chase their dreams. Every member of our team is taking part in the founding process.
- We are using technology and data to level the playing field: We are leveraging the power of product innovation and machine learning to connect brands and boutiques from all over the world, building a growing community of more than 350,000 small business owners.
- We build products our customers love: Everything we do is ultimately in the service of helping our customers grow their business because our goal is to grow the pie - not steal a piece from it. Running a small business is hard work, but using Faire makes it easy.
- We are curious and resourceful: Inquisitive by default, we explore every possibility, test every assumption, and develop creative solutions to the challenges at hand. We lead with curiosity and data in our decision making, and reason from a first principles mentality.
Faire was founded in 2017 by a team of early product and engineering leads from Square. We're backed by some of the top investors in retail and tech including: Y Combinator, Lightspeed Venture Partners, Forerunner Ventures, Khosla Ventures, Sequoia Capital, Founders Fund, and DST Global. We have headquarters in San Francisco and Kitchener-Waterloo, and a global employee presence across offices in Toronto, London, and New York. To learn more about Faire and our customers, you can read more on our blog.
Faire provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity or gender expression.
Faire is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Accommodations are available throughout the recruitment process and applicants with a disability may request to be accommodated throughout the recruitment process. We will work with all applicants to accommodate their individual accessibility needs. To request reasonable accommodation, please fill out our Accommodation Request Form (https://bit.ly/faire-form)
Privacy
For information about the type of personal data Faire collects from applicants, as well as your choices regarding the data collected about you, please visit Faire's Privacy Notice (https://www.faire.com/privacy)