Director, GRC & Security

Engineering · United States

Job description

The Job

We're looking for a Director of GRC and Security, to lead Panther's security and compliance initiatives. In this role, you’ll be responsible for driving our security strategy, ensuring the safety of our environment, and managing key certifications such as SOC2, HIPAA, ISO 27001, and PCI DSS. You’ll collaborate with teams across the organization, including Engineering, IT, and Sales, as well as external stakeholders and auditors, to ensure our security and compliance efforts align with business objectives. Additionally, you’ll lead initiatives to implement new compliance programs like FedRAMP, all while maintaining operational efficiency and fostering a culture of security throughout Panther. If you thrive in a fast-paced environment and have a passion for balancing security with compliance, we’d love to hear from you!

The Company

Panther is a cybersecurity company dedicated to making security teams smarter and faster than attackers. Founded by practitioners who faced the challenges of protecting large organizations, we provide a platform that empowers teams to effectively combat modern threats through detection-as-code, a cloud-native architecture, and a robust security data lake. Our solution allows organizations to focus on detecting attacks and safeguarding their assets without incurring excessive operational costs.

Backed by top investors including Coatue Management and Lightspeed Venture Partners, Panther has raised $140M to drive innovation in cybersecurity. Our clients include leading technology companies like Figma, Gusto, Coinbase, and Dropbox, that must move fast to secure constantly expanding digital threat landscapes.

As a remote-first company, Panther promotes a culture of flexibility, open communication, and collaboration. Guided by our core values—Be an Owner, Create Customer Love, and Take Care of the Team—we strive to build a diverse and inclusive environment that supports our mission and fosters a rewarding experience for our entire team.

The Responsibilities

  • Leading and building Panther’s Security and Compliance organization, and participating in the build out of Panther’s IT organization
  • Partnering closely with internal teams such as IT, Sales, and Engineering to improve operational efficiency and achieve business outcomes beyond strictly compliance
  • Acting as the primary conduit for communication between Panther’s engineering organization and external security and compliance partners (including auditors, ongoing security advisors, pentesters, and short-term contractors)
  • Collaborating with other leaders across the company to develop an ongoing compliance strategy that drives quality and unlocks sales
  • Owning Panther's existing compliance programs (SOC2, ISO 27001, and PCI DSS), ensuring continuity for Panther's certifications
  • Leading Panther’s audit processes end to end, including directly interacting with auditors during assessments
  • Identifying and implementing improvements to Panther’s compliance programs to reduce operational burden and complexity (e.g. introducing better automation or processes for evidence gathering, thoughtful alignment of audit calendars, streamlining responses to security and compliance questionnaires, etc)
  • Implementing new compliance programs at Panther, such as FedRAMP, HIPAA, and others, partnering with external subject matter experts when appropriate
  • Defining, executing, measuring, monitoring and reporting on compliance controls and initiatives, and maintaining all related documentation in Drata

The Requirements

  • Ability to self-manage work and meet important deadlines in a fast-paced, rapidly evolving environment 
  • Strong track record of successful collaboration across a diverse range of stakeholders, including internal teams (Engineering, Legal, etc) as well as external parties (auditors, contractors, etc)
  • Excellent communication skills, with the ability to effectively translate needs and requirements across Engineering, Security and Legal disciplines
  • Familiarity with modern security controls and concepts and ability to apply those concepts well enough to translate compliance requirements into modern, safe, efficient and effective controls
  • Experience leading compliance initiatives, such as SOC2, ISO 27001, PCI DSS, HIPAA, FedRAMP, etc at a high-growth cloud-based company
  • Experience defining, documenting, updating and mapping controls, policies, procedures, exceptions, risks, assets, vendors and people
  • Firm technical grasp on cloud, cloud security, and engineering workflows, with specific experience in organizations that use AWS and Github.
  • Preferred candidates: experience creating and maintaining compliance artifacts in Drata (or similar system)
  • Preferred candidates:  Experience communicating directly with customers through activities such as answering compliance documentation questions or sales enablement calls


The Perks

  • Equity
  • Unlimited PTO policy, with a minimum requirement of 15 days off per year, as well as Observing major US holidays, as well as a 2-week break, end of year
  • Latest tech equipment & budget for your customized tech needs
  • Comprehensive medical, dental, and vision coverage
  • 401k program 
  • Remote-friendly
  • Opportunities to attend industry conferences  (remote or in-person, and in conjunction with our in-person health and safety policy)
  • Annual company off-sites in awesome locations (in conjunction with our in-person health and safety policy)

Cash compensation range: $180,000 - $230,000 USD Annually

The cash compensation above includes base salary and on-target commission for employees in eligible roles. In addition to cash compensation, all full-time Pantherinos are eligible to participate in our equity plan to receive Incentive Stock Options (ISO). Individual compensation packages are based on a few factors unique to each candidate, including their location, experience, and expertise, and may vary from the above-mentioned range.

Panther labs is an Equal Opportunity Employer. The Company prohibits discrimination and harassment on the basis of: race, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding), gender, gender identity, gender expression, sexual orientation, marital status, age, religious creed, physical disability, mental disability, genetic information, military or veteran status, or any other status protected by law. All employment decisions are decided on the basis of qualifications, merit, and business need.


Org chart