Job Description

This role is part of the Security Function within the broader Mozilla Infrastructure team. The Security team supports Product, Enterprise and GRC functions across the organization, aligned with the mission to build a safe & secure internet. This role is responsible for defining, developing and helping implement a Governance, Risk and Compliance framework for both Enterprise and Product verticals.

The ideal candidate will be responsible for delivering an integrated framework that aligns security, privacy, regulatory, and risk management initiatives across the organization. The ideal candidate is a collaborative leader with deep domain expertise in information security, regulatory compliance, risk governance, and cross-functional stakeholder engagement.

Governance: Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives. Lead the creation and enforcement of standards, policies, controls, audits, and reporting across various enterprise and product verticals.

Risk Management: Develop and operationalize a risk assessment and management framework on a periodic basis to enable prioritization and remediation of critical issues. Define and deliver measurable scorecards and metrics to enable data-driven decision making.

Compliance: Ensure compliance with various regulatory standards and frameworks (ISO, NIST, SOC2, CCPA, GDPR, etc.). Lead internal and external audit activities, including tracking and resolving deficiencies and remediations.

Partner closely with Legal / IT / Finance / Security to align on the GRC program and deliver a cohesive integrated risk management framework.

Lead the definition of requirements and reporting (scorecards) for data life cycle management across enterprise and product domains, working with the data platform and legal teams.

About Mozilla Corporation

Mozilla Corporation is the non-profit-backed technology company that has shaped the internet for the better over the last 25 years.
