Director, GRC & Privacy Security at Polymarket
Company: Polymarket
Location: New York
Type: FULL_TIME
Job Description
<h2>About Polymarket</h2><p style="min-height:1.5em">Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future.</p><p style="min-height:1.5em">We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.</p><p style="min-height:1.5em"></p><h2>About the Role</h2><p style="min-height:1.5em">Polymarket is hiring a Director of GRC & Privacy to build and lead the governance, risk, and compliance function within our security organization. As a high-growth fintech operating across multiple jurisdictions with several subsidiary entities, we carry compliance obligations spanning PCI-DSS, SOC 2 Type II, data privacy regulations, and financial services requirements — and this role will establish the GRC program from scratch.</p><p style="min-height:1.5em">This is a senior, high-visibility role reporting directly to the CISO. You'll hire and develop a team of three and serve as the primary interface between security, legal, finance, and external auditors and regulators. 
It requires equal fluency in regulatory requirements, risk management frameworks, and executive communication.</p><p style="min-height:1.5em"></p><h2>What You'll Do</h2><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Build and own the enterprise security risk management program — risk register, risk appetite framework, risk scoring methodology, and regular reporting to the CISO and executive leadership</p></li><li><p style="min-height:1.5em">Establish and maintain the security control framework, mapping controls to applicable standards (SOC 2 TSCs, PCI-DSS, CIS Controls) across all entities and subsidiaries</p></li><li><p style="min-height:1.5em">Drive security policy development and lifecycle management — authoring, reviewing, approving, and enforcing policies across the organization</p></li><li><p style="min-height:1.5em">Lead the company's security committee and governance forums, ensuring risk decisions are documented, escalated appropriately, and tracked to resolution</p></li><li><p style="min-height:1.5em">Own the end-to-end compliance program for SOC 2 Type II and PCI-DSS — scoping, control design, evidence collection, auditor management, and remediation tracking</p></li><li><p style="min-height:1.5em">Build continuous audit readiness rather than a point-in-time posture; automate compliance evidence collection where possible</p></li><li><p style="min-height:1.5em">Manage relationships with external auditors, certification bodies, and regulators; serve as