About the Role
As Director of Security, GRC, you’ll be a strategic and operational leader guiding enterprise-wide security risk management, policy governance, regulatory compliance, and business continuity planning. You'll collaborate with senior leadership, cross-functional partners, and regulatory bodies to maintain a robust and compliant security posture across Robinhood.
This role is based in our Menlo Park, CA or New York, NY office, with in-person attendance expected at least 4 days per week.
At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.
What you’ll do
Lead the development, automation, and execution of our enterprise security risk management framework, driving mitigation strategies and board-level risk reporting
Direct policy development and exception management processes, ensuring effective governance of security standards and exceptions
Oversee enterprise business continuity and disaster recovery programs, including execution of simulation exercises and continuous refinement
Manage strategic compliance initiatives, coordinating with legal, compliance, and operational teams to meet regulatory requirements and prepare for audits
Serve as the primary liaison for security-related board reporting, quantitative risk management, and regulatory engagements, shaping the external and internal narrative on risk
What you bring
Proven senior security leader with over 10 years of experience managing risk, compliance, and business continuity programs, with a focus on scaling them through technology.
5+ years of experience working with or within US and international financial regulatory environments
Proven track record building and scaling GRC programs in highly regulated, fast-paced industries, with a focus on automation-first tooling
Strong verbal and written communication and executive presence, with experience preparing and presenting board-level security updates
Professional certifications such as CISSP, CISM, CRISC, or equivalent
Familiarity with GRC and program management tools (e.g., Jira, Archer, or ServiceNow)
Experience with NIST CSF, 800-53 R5, and federal and international security assessments.
Tech Stack
Jira, Archer, ServiceNow, NIST CSF, 800-53 R5