Governance, Risk & Compliance Lead



New York, NY, USA · Seattle, WA, USA · Denver, CO, USA · San Francisco, CA, USA · Los Angeles, CA, USA · San Francisco, CA, USA · Los Angeles, CA, USA · Denver, CO, USA · Arizona, USA · Seattle, WA, USA
Posted on Saturday, January 20, 2024

🚀 Whatnot

Whatnot is a livestream shopping platform and marketplace backed by Andreessen Horowitz, Y Combinator, and CapitalG. We’re building the future of ecommerce, bringing together community, shopping and entertainment. We are committed to our values, and as a remote-first team, we operate out of hubs within the US, Canada, UK, and Germany today.

We’re innovating in the fast-paced world of live auctions in categories including sports, fashion, video games, and streetwear. The platform couples rigorous seller vetting with a focus on community to create a welcoming space for buyers and sellers to share their passions with others.

And, we’re growing. Whatnot has been the fastest growing marketplace in the US over the past two years and we’re hiring forward-thinking problem solvers across all functional areas.

💻 Role

  • The successful candidate will be responsible for developing and managing a comprehensive security governance, risk, and compliance program.
  • Evaluate existing security policies and procedures and recommend improvements.
  • Ensure compliance with security standards, such as ISO 27001, NIST 800-53, PCI and GDPR/ CCPA.
  • Create and maintain security awareness and training programs.
  • Conduct security risk assessments and develop risk mitigation plans.
  • Own security program reporting, metrics and dashboards for presentations to senior level leadership in the areas of security governance, risk management, security awareness, and third-party risk management.

👋 You

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.

As our GRC Lead you should have a minimum of 8+ years of relevant experience in security governance, risk, and compliance, preferably in a large enterprise environment, plus:

  • A Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Deep knowledge of security best practices and industry standards, such as ISO 27001, SOC-2, NIST 800-53, PCI and GDPR/ CCPA.
  • Experience in supporting complex third party audit projects in a cloud centric environment, with a strong aptitude to understand emerging technologies to assure regulatory and compliance requirements are met.
  • Excellent written communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation and effectiveness of cybersecurity controls with product and business leaders.


For US-based applicants: $240,000/year to $320,000/year + benefits + stock options

The salary range may be inclusive of several levels that would be applicable to the position. Final salary will be based on a number of factors including, level, relevant prior experience, skills and expertise. This range is only inclusive of base salary, not benefits (more details below) or equity in the form of stock options.

🎁 Benefits

  • Flexible Time off Policy and Company-wide Holidays (including a spring and winter break)
  • Health Insurance options including Medical, Dental, Vision
  • Work From Home Support
    • $1,000 home office setup allowance
    • $150 monthly allowance for cell phone and internet
  • Care benefits
    • $450 monthly allowance on food
    • $500 monthly allowance for wellness
    • $5,000 annual allowance towards Childcare
    • $20,000 lifetime benefit for family planning, such as adoption or fertility expenses
  • Retirement; 401k offering for Traditional and Roth accounts in the US (employer match up to 4% of base salary) and Pension plans internationally
  • Parental Leave
    • 16 weeks of paid parental leave + one month gradual return to work *company leave allowances run concurrently with country leave requirements which take precedence.


Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.