Form Energy

Director, Cybersecurity & GRC

Salary range: $130K - $180K *
Category: Information Technology
Experience: 8 - 10 years
Job Overview by Ladders

Qualifications

  • 10+ years in cybersecurity and/or IT GRC; 5+ years in leadership (CISO-track) role.
  • Deep experience in IT general controls (ITGC) design and operation in compliance-intensive settings.
  • Comprehensive security program expertise: IAM, EDR/MDR, vulnerability management, and incident response.
  • Proven experience liaising with external auditors and authoring policies.
  • Strong leadership abilities with excellent executive-level communication skills, including board reporting.

Responsibilities

  • Lead the cybersecurity program, overseeing endpoint detection, threat detection, and incident response.
  • Direct IT governance, risk, and compliance efforts through a GRC Manager, managing policy and controls lifecycle.
  • Design control frameworks aligned with ISO 27001, SOC 2, and NIST standards based on business needs.
  • Serve as main point of contact for external audits, ensuring readiness and managing remediation processes.
  • Enhance incident response protocols and governance, coordinating across Legal, Finance, and IT departments.
  • Establish data classification and encryption standards, along with a third-party security risk program.
  • Collaborate on IT/OT security initiatives without owning operational technology security.
  • Report on the cybersecurity and compliance posture to leadership in decision-ready formats.

Benefits

  • 100% coverage of medical, dental, and vision premiums for full-time employees; 80% for dependents.
  • At least 12 weeks of paid leave for new parents (up to 20 weeks for birthing parents).
  • Generous vacation policies to support employee well-being.
  • Relocation assistance available.

Full Job Description

Role Description

As Form Energy matures and scales, the Director of Cybersecurity & GRC builds and leads our cybersecurity and IT governance, risk, and compliance programs. This is a CISO-track leadership role: you will set strategy and lead a team - a GRC Manager who owns IT general controls end-to-end, a Staff Security Engineer, and a Senior Security Engineer - while owning the security program, the policy and standards lifecycle, enterprise IT risk, and the external-audit relationship. You will mature an ISO 27001-aligned information security management system and the controls a maturing, compliance-intensive company depends on, backstopped by an external advisor.

This is a hybrid role, which will require working onsite from one of our office locations 3+ days per week.

Relocation assistance is available.

What you'll do:
  • Lead the cybersecurity program: endpoint detection and response / managed detection and response, email and web security, identity and access management, vulnerability management, threat detection, and incident response; manage security vendors and the managed SOC.
  • Own IT governance, risk, and compliance - directing a GRC Manager who owns ITGC design, operation, and evidence end-to-end; the policy and standards lifecycle within an ISO 27001-aligned ISMS; the enterprise IT risk register; control mapping; and exception/issue tracking.
  • Design a control framework synergistic across ITGC, SOC 2, ISO 27001, and NIST 800-171 / CMMC scopes as required by the business and customer contracts.
  • Serve as the primary IT liaison to external auditors and readiness advisors - driving audit readiness, supporting fieldwork, and tracking remediation to closure; direct the external advisor backstop.
  • Mature incident response and disclosure governance: incident response plan and tabletop exercises, and the cyber incident-disclosure and materiality-determination process in partnership with Legal, Finance, and IT, aligned to applicable regulatory and disclosure obligations.
  • Establish data classification, retention, and encryption standards, and a vendor / third-party security risk program.
  • Partner on the IT/OT security boundary and with product security, without owning operational technology or on-product (battery) cybersecurity.
  • Report cybersecurity and compliance posture to leadership and governance bodies in clear, decision-ready terms.
  • Lead, coach, and develop the cybersecurity and GRC team; hire selectively against clear capability gaps.


What you'll bring:
  • 10+ years in cybersecurity and/or IT GRC, including 5+ years in leadership (CISO-track).
  • Deep ITGC experience - control design, operation, and audit - in a compliance-intensive or scaling-company setting, with the judgment to direct a GRC Manager and external advisors.
  • Breadth across the security program: IAM, EDR/MDR, vulnerability management, and incident response, with fluency in recognized frameworks (ISO 27001, SOC 2, NIST CSF / 800-53; NIST 800-171 / CMMC a plus).
  • Experience as an external-audit liaison, plus policy authorship and lifecycle ownership.
  • Strong people leadership and executive-grade communication, including board-quality reporting.

Preferred Qualifications:
  • Experience in manufacturing, energy, or critical-infrastructure sectors.
  • Experience standing up a first-time formal IT controls environment in a scaling company.
  • Certifications such as CISSP, CISA, CISM, or CRISC.
  • Familiarity with privacy regimes (GDPR / CCPA) and AI governance frameworks (Form Energy's AI governance is led separately within the Chief Digital Officer organization; this role collaborates rather than owns it).

#LI-Hybrid

#LI-CB1

Humanity is a cornerstone of Form Energy's culture, and we make sure our compensation and benefits reflect that. Form Energy offers competitive salaries, stock options, and a holistic benefits package to ensure all employees have what they need to thrive while working here.

When it comes to you and your family's health, we cover 100% of medical, dental, and vision premiums for full-time employees - and 80% of healthcare premiums for dependents. This starts from day one. We also offer at least 12 weeks of paid leave for new parents (up to 20 weeks for birthing parents), and generous vacation policies to give employees time to recharge when needed.

To build America's energy future, we need everyone at the table.

About Form Energy

Form Energy is an American energy storage technology and manufacturing company that is developing and commercializing a pioneering iron-air battery capable of storing electricity for 100 hours at system costs competitive with legacy power plants. Form’s multi-day battery will reform the global electricity system to reliably run on 100% low-cost renewable energy, every day of the year. Form Energy was founded by energy storage veterans who came together in 2017 with a unified mission to reshape the global electric system by creating a new class of low-cost multi-day energy storage systems. Driven every day by Form’s interlocking core values of humanity, excellence, and creativity, our team is deeply motivated and inspired to transform the energy landscape and create a better world.
Size: 50 employees
Founded: 2017
