• Develop and execute a modern strategy for governance, risk, and compliance that empowers the company’s go-to-market strategy and ambitions. • Build and retain a top-tier team of subject matter experts and technicians that can effectively support and advise world-class Engineering and Product Security functions • Level up our governance, risk management, and assurance activities through practical implementation of automation and AI capabilities. Lead G&T with an “automation first” mindset, and be unreasonably dissatisfied with any control that requires manual, periodic assurance • Deliver a category-leading customer experience around trust and security. Collaborate with Sales, Marketing, and other security functions to build or strengthen the tools, processes, and documentation necessary to wow new customers and delight existing ones. • Level up our approach to policies, standards, and controls. Achieve a coherent, efficient, and outcome-focused approach to policy implementation and management that helps accelerate the business and removes friction • Translate regulatory, customer, and threat mitigation requirements into comprehensive, practical controls that improve the security, resiliency, and value of the company and its products. Drive policy-as-code and push a GitOps-based approach to control management wherever practical • Lead risk assessments that prioritize business context, engineering tradeoffs, and data-driven decision making over theoretical compliance risks. • Use the FAIR framework to implement a continuous risk management program that integrates with product development and engineering processes. • Partner with engineering and product teams to track risk remediation with transparency and accountability. • Sustain a best-in-class security and compliance posture with regards to key regulatory frameworks, customer preferences, and emerging threat actor tactics. Grow our certification posture beyond SOC2 and ISO 27001 to include certifications and audits against global standards like CRA. • Champion automation and policy as code to eliminate assurance toil and provide 24/7 views into control adherence and effectiveness. • Conduct internal control reviews, security assessments, and assurance activities using a collaborative, coaching-oriented approach. • Lead external audits with a focus on clarity, efficiency, and reuse of evidence. • Build cross-functional knowledge on topics such as emerging regulatory frameworks, interpreting security requirements, and customer-valued security practices by conducting ongoing training for functions including Sales, Marketing, Product, and Legal. • Act as a bridge between engineering, legal, product, and leadership, translating risks and requirements into actionable plans. • Advocate for technical solutions (automation, tooling, secure defaults) as primary ways to meet requirements, rather than manual process. For example, partner with Product Security and Engineering teams to embed security control validations into CI/CD pipelines.