Polymarket at a glance
polymarket.com- Founded 2020
SEC filings mentioning "Polymarket": 32 — search EDGAR
Source: Wikipedia
Polymarket
About Polymarket
Polymarket is the world’s largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized “house,” Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future.
We’re growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.
About the Role
Polymarket is hiring a Director of GRC & Privacy to build and lead the governance, risk, and compliance function within our security organization. As a high-growth fintech operating across multiple jurisdictions with several subsidiary entities, we carry compliance obligations spanning PCI-DSS, SOC 2 Type II, data privacy regulations, and financial services requirements — and this role will establish the GRC program from scratch.
This is a senior, high-visibility role reporting directly to the CISO. You’ll hire and develop a team of three and serve as the primary interface between security, legal, finance, and external auditors and regulators. It requires equal fluency in regulatory requirements, risk management frameworks, and executive communication.
What You’ll Do
-
Build and own the enterprise security risk management program — risk register, risk appetite framework, risk scoring methodology, and regular reporting to the CISO and executive leadership
-
Establish and maintain the security control framework, mapping controls to applicable standards (SOC 2 TSCs, PCI-DSS, CIS Controls) across all entities and subsidiaries
-
Drive security policy development and lifecycle management — authoring, reviewing, approving, and enforcing policies across the organization
-
Lead the company’s security committee and governance forums, ensuring risk decisions are documented, escalated appropriately, and tracked to resolution
-
Own the end-to-end compliance program for SOC 2 Type II and PCI-DSS — scoping, control design, evidence collection, auditor management, and remediation tracking
-
Build continuous audit readiness rather than a point-in-time posture; automate compliance evidence collection where possible
-
Manage relationships with external auditors, certification bodies, and regulators; serve as the primary point of contact for audit engagements across all entities
-
Own the third-party risk management program — vendor security assessments, contractual security requirements, ongoing monitoring, and escalation of high-risk findings
-
Oversee the data privacy program in partnership with Legal, ensuring compliance with GDPR, CCPA, and applicable regulations across all jurisdictions where the company operates
-
Ensure privacy-by-design is embedded in the product development process and that data processing activities are documented, lawful, and consistent with stated privacy notices
-
Manage data subject rights obligations and privacy incident response, including breach notification requirements under applicable law
What We’re Looking For
-
8+ years of experience in GRC, information security compliance, or a related field, with 3+ years in a management or program leadership role
-
Deep, hands-on experience with SOC 2 Type II — you have managed or led multiple audit cycles and understand the TSCs, evidence requirements, and auditor dynamics from the inside
-
Strong working knowledge of PCI-DSS v4.0 and experience implementing or managing PCI compliance programs
-
Demonstrated experience managing compliance across multiple legal entities or subsidiaries with overlapping and distinct regulatory obligations
-
Experience building or significantly maturing a GRC program — not just maintaining one someone else built
-
Working knowledge of GDPR and CCPA and the operational requirements they impose on a data-handling business
-
Ability to communicate risk and compliance requirements clearly to technical teams, business stakeholders, and executive leadership
-
Experience managing external auditor relationships and serving as the primary organizational point of contact during audit engagements
-
(Plus) Experience in fintech, payments, cryptocurrency, or financial services — familiarity with money transmitter licensing or FinCEN obligations is a meaningful plus
-
(Plus) Professional certifications: CISM, CRISC, CISSP, CIPP/E, CIPP/US, or equivalent
-
(Plus) Exposure to ISO 27001, CIS, or NIST CSF as additional compliance frameworks
-
(Plus) Experience with GRC platforms (Vanta, Drata, Tugboat Logic, ServiceNow GRC, or equivalent)
-
(Plus) Familiarity with AWS cloud environments and how cloud-native architectures affect control design and evidence collection
-
(Plus) Prior experience standing up a GRC function in a high-growth, previously unstructured environment
Benefits
-
Competitive salary & equity
-
Unlimited PTO
-
Full Health, Vision, & Dental coverage
-
401k match
-
Hardware setup: new MacBook Pro, big display, & accessories
To apply for this job please visit jobs.ashbyhq.com.
Explore Polymarket online
What people say about Polymarket
- Ask HN: Who wants to be hired? (July 2026)
- DOJ Closing Abbott Labs Case Spurs Wider Corporate Crime Retreat
- How Polymarket plans to try to win back trust after 4 years in exile
- We're extending access to Fable 5 on all paid plans through July 12
Recent news
- Polymarket Seeks License to Offer Margin Trading Legally in US - Bloomberg.com
- After a four-year U.S. ban, Polymarket mounts a major comeback campaign - CoinDesk
- Polymarket Launches U.S. Marketing Campaign - Yahoo Finance
- Johor votes on Saturday. Polymarket has already called it - South China Morning Post
- Polymarket Seeks to Offer Margin Trading to US Users - Yahoo Finance
Aggregated from public discussions and news; opinions are the authors’ own.
Working in New York, NY
Weather right now in New York, NY: checking… · Local time: · Air quality: · Daylight: · UV index: · Wind:
New York, often called New York City (NYC), is the most populous city in the United States. It is located at the southern tip of New York State on New York Harbor, one of the world's largest natural harbors. The city comprises five boroughs—Manhattan, Brooklyn, Queens, the Bronx, and Staten Island; each is coextensive with its respective county. It is the geographical and demographic center of both the Northeast megalopolis and the New York metropolitan area, the largest metropolitan area in the United States by both population and urban area. New York is a global center of finance and commerc
🇺🇸 Relocation safety for US: Exercise Normal Caution — via Warnely, CC BY 4.0
National unemployment rate in US: 4.2% — via World Bank
- Elevation 25m (82 ft)
Watch & learn
Video via YouTube.
Job details above are provided by the employer/source. The sections on this page are compiled from public data sources with AI assistance.
Accommodations: if you need a workplace accommodation to apply for or perform this job, see ADA.gov or EEOC.gov for guidance on your rights and how to request one.
Keep exploring on Get A Job.ai
Not quite the right fit? Your next opportunity is a click away.
- Browse all jobs
- More jobs by category
- Remote jobs you can do from anywhere
- Research typical pay for this role
- Set a job alert so new matches reach you first
- Upload your resume to apply faster
Hiring instead? Post a job and reach candidates searching right now.
