Form Energy

Director, Cybersecurity & GRC

Form Energy
$130K — $180K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of experience in cybersecurity and/or IT GRC, with 5+ years in leadership roles.
  • Extensive knowledge of IT general controls (ITGC), particularly in compliance-intensive environments.
  • Proficiency in managing security programs including identity and access management, endpoint detection, and incident response.
  • Experience interfacing with external auditors and authoring core policies and standards.
  • Strong leadership and communication skills with a focus on executive-level reporting.

Responsibilities

  • Lead and manage the overall cybersecurity program, including incident response and managed security operations.
  • Direct IT governance, risk management, and compliance efforts through collaboration with a GRC Manager.
  • Design a unified control framework that meets various compliance requirements and customer contracts.
  • Act as the main point of contact for external audits, ensuring readiness and tracking remediation efforts.
  • Develop and oversee incident response governance and related regulatory disclosures in collaboration with legal and finance teams.
  • Establish critical data management standards, including classification and encryption processes.
  • Collaborate on IT/OT security initiatives without directly overseeing operational technology.

Benefits

  • 100% coverage of medical, dental, and vision premiums for full-time employees; 80% for dependents.
  • At least 12 weeks of paid leave for new parents, with up to 20 weeks for birthing parents.
  • Generous vacation policies to promote work-life balance and employee well-being.
  • Competitive compensation and stock options to support financial health.
  • Relocation assistance offered.

Full Job Description

Role Description

As Form Energy matures and scales, the Director of Cybersecurity & GRC builds and leads our cybersecurity and IT governance, risk, and compliance programs. This is a CISO-track leadership role: you will set strategy and lead a team - a GRC Manager who owns IT general controls end-to-end, a Staff Security Engineer, and a Senior Security Engineer - while owning the security program, the policy and standards lifecycle, enterprise IT risk, and the external-audit relationship. You will mature an ISO 27001-aligned information security management system and the controls a maturing, compliance-intensive company depends on, backstopped by an external advisor.

This is a hybrid role, which will require working onsite from one of our office locations 3+ days per week.

Relocation assistance is available.

What you'll do:
  • Lead the cybersecurity program: endpoint detection and response / managed detection and response, email and web security, identity and access management, vulnerability management, threat detection, and incident response; manage security vendors and the managed SOC.
  • Own IT governance, risk, and compliance - directing a GRC Manager who owns ITGC design, operation, and evidence end-to-end; the policy and standards lifecycle within an ISO 27001-aligned ISMS; the enterprise IT risk register; control mapping; and exception/issue tracking.
  • Design a control framework synergistic across ITGC, SOC 2, ISO 27001, and NIST 800-171 / CMMC scopes as required by the business and customer contracts.
  • Serve as the primary IT liaison to external auditors and readiness advisors - driving audit readiness, supporting fieldwork, and tracking remediation to closure; direct the external advisor backstop.
  • Mature incident response and disclosure governance: incident response plan and tabletop exercises, and the cyber incident-disclosure and materiality-determination process in partnership with Legal, Finance, and IT, aligned to applicable regulatory and disclosure obligations.
  • Establish data classification, retention, and encryption standards, and a vendor / third-party security risk program.
  • Partner on the IT/OT security boundary and with product security, without owning operational technology or on-product (battery) cybersecurity.
  • Report cybersecurity and compliance posture to leadership and governance bodies in clear, decision-ready terms.
  • Lead, coach, and develop the cybersecurity and GRC team; hire selectively against clear capability gaps.
What you'll bring:
  • 10+ years in cybersecurity and/or IT GRC, including 5+ years in leadership (CISO-track).
  • Deep ITGC experience - control design, operation, and audit - in a compliance-intensive or scaling-company setting, with the judgment to direct a GRC Manager and external advisors.
  • Breadth across the security program: IAM, EDR/MDR, vulnerability management, and incident response, with fluency in recognized frameworks (ISO 27001, SOC 2, NIST CSF / 800-53; NIST 800-171 / CMMC a plus).
  • Experience as an external-audit liaison, plus policy authorship and lifecycle ownership.
  • Strong people leadership and executive-grade communication, including board-quality reporting.

Preferred Qualifications:
  • Experience in manufacturing, energy, or critical-infrastructure sectors.
  • Experience standing up a first-time formal IT controls environment in a scaling company.
  • Certifications such as CISSP, CISA, CISM, or CRISC.
  • Familiarity with privacy regimes (GDPR / CCPA) and AI governance frameworks (Form Energy's AI governance is led separately within the Chief Digital Officer organization; this role collaborates rather than owns it).

#LI-Hybrid

#LI-CB1

Humanity is a cornerstone of Form Energy's culture, and we make sure our compensation and benefits reflect that. Form Energy offers competitive salaries, stock options, and a holistic benefits package to ensure all employees have what they need to thrive while working here.

When it comes to you and your family's health, we cover 100% of medical, dental, and vision premiums for full-time employees - and 80% of healthcare premiums for dependents. This starts from day one. We also offer at least 12 weeks of paid leave for new parents (up to 20 weeks for birthing parents), and generous vacation policies to give employees time to recharge when needed.

To build America's energy future, we need everyone at the table.

About Form Energy

Form Energy is an American energy storage technology and manufacturing company that is developing and commercializing a pioneering iron-air battery capable of storing electricity for 100 hours at system costs competitive with legacy power plants. Form’s multi-day battery will reform the global electricity system to reliably run on 100% low-cost renewable energy, every day of the year. Form Energy was founded by energy storage veterans who came together in 2017 with a unified mission to reshape the global electric system by creating a new class of low-cost multi-day energy storage systems. Driven every day by Form’s interlocking core values of humanity, excellence, and creativity, our team is deeply motivated and inspired to transform the energy landscape and create a better world.
Size: 50 employees
Founded: 2017
