Director, Governance, Risk and Compliance (GRC)
Confluent · Remote, California · Posted 31 March 2026
Job Description
We’re not just building better tech. We’re rewriting how data moves and what the world can do with it. With Confluent, data doesn’t sit still. Our platform puts information in motion, streaming in near real-time so companies can react faster, build smarter, and deliver experiences as dynamic as the world around them.
It takes a certain kind of person to join this team. Those who ask hard questions, give honest feedback, and show up for each other. No egos, no solo acts. Just smart, curious humans pushing toward something bigger, together.
One Confluent. One Team. One Data Streaming Platform.
ABOUT THE ROLE:
Trust is the currency of the cloud. As Confluent continues to mobilize data for the world's leading organizations, ensuring the security, privacy, and integrity of that data is paramount.
We are seeking a Director of Governance, Risk, and Compliance (GRC) to continue the evolution of our GRC program from a control-based mandate to a strategic business enabler. In this role, you will not just manage compliance and risk. You will architect the framework that allows Confluent to meet the needs of our customers, underpin trust relationships by providing attestations and evidence of controls, develop frameworks and tools to help management understand and manage risk, and operate our Technical Program Management (TPM), reducing risk by driving the execution of horizontal engineering programs. You will provide the vision and north star to guide Confluent to a proactive risk management culture.
You will lead the strategy for internal governance, enterprise-wide risk management, and external compliance obligations, serving as the bridge between technical engineering realities and executive risk appetite.
WHAT YOU WILL DO:
Strategic Governance & Program Leadership
- Own the Framework: Design, implement, and maintain a common control framework (CCF) that maps to multiple standards (SOC 2, ISO 27001, FedRAMP, NIST CSF, PCI-DSS) to ensure "test once, comply many" efficiency.
- Risk Quantification: Evolve our risk management program towards quantitative risk analysis (e.g. leveraging FAIR, OCTAVE methodologies), utilizing AI to continuously process & analyze complex data sets, and providing executive leadership with data-driven insights on security posture and residual risk and an updated view of Top Risks impacting Confluent.
- Program Modernization: Develop and maintain security policies that are agile, easily discoverable, and practical for an AI-native engineering culture, enforceable through automation.
Technical Risk Program Management (TPM)
- Remediation Strategy & Engineering Partnership: Interface directly with Information Security Engineering (InfoSec Eng) to co-develop technical remediation strategies that are secure by design and operationally feasible. You will ensure that top risk concerns, audit findings and compliance gaps are translated into actionable engineering programs and drive them to closure.
- Risk Reporting: Develop and maintain a visual presentation layer (e.g., dynamic dashboards, executive scorecards, and trend analysis) that simplifies complex risk data. This layer will be the primary tool to assist Confluent's management staff in understanding the landscape, understanding severity, and prioritizing risk items effectively.
- Risk Treatment: Evolve current risk management programs to ensure risks are properly tracked, treated, and communicated.
- Program Execution: Apply technical program management best practices to complex security initiatives. Via your TPM team, lead cross-functional projects, such as identity management improvements, AI governance controls, or secret management overhauls, ensuring they are delivered on time and with minimal friction to developer velocity.
- Communication & Accountability: Regularly report to the Trust and Security staff, eStaff and prepare occasional Board level content via weekly, monthly and quarterly executi ... (truncated, view full listing at source)