Director, GRC & Privacy Security

ABOUT POLYMARKET

Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future.

We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.

ABOUT THE ROLE

Polymarket is hiring a Director of GRC & Privacy to build and lead the governance, risk, and compliance function within our security organization. As a high-growth fintech operating across multiple jurisdictions with several subsidiary entities, we carry compliance obligations spanning PCI-DSS, SOC 2 Type II, data privacy regulations, and financial services requirements — and this role will establish the GRC program from scratch.

This is a senior, high-visibility role reporting directly to the CISO. You'll hire and develop a team of three and serve as the primary interface between security, legal, finance, and external auditors and regulators. It requires equal fluency in regulatory requirements, risk management frameworks, and executive communication.

WHAT YOU'LL DO

- Build and own the enterprise security risk management program — risk register, risk appetite framework, risk scoring methodology, and regular reporting to the CISO and executive leadership

- Establish and maintain the security control framework, mapping controls to applicable standards (SOC 2 TSCs, PCI-DSS, CIS Controls) across all entities and subsidiaries

- Drive security policy development and lifecycle management — authoring, reviewing, approving, and enforcing policies across the organization

- Lead the company...