As a member of the Roblox Security Governance, Risk, and Compliance (GRC) team, you will play a key role in supporting the Security team's mission. The GRC team is at the heart of Roblox's security organization - empowering every builder to make risk-informed decisions by establishing a portfolio of governing policies and standards, a repeatable and scalable method of assessing and quantifying risk, and a formal oversight process for GRC capabilities across Roblox.
Our program takes a balanced, "right-sized" approach to security governance - combining qualitative and quantitative risk management methodologies, including Factor Analysis of Information Risk (FAIR), to assess and prioritize the security risks that matter most to Roblox. GRC partners closely with Engineering, Legal, Finance, and leadership - including providing regular reporting to the Board of Directors and the Audit & Compliance Committee - to ensure that security risk is visible, well-understood, and actioned appropriately.
The team is in an exciting phase of growth and innovation. We are using engineering to drive automation across risk management, policy lifecycle management, supply chain risk, AI risk, and controls programs. You will have the opportunity to shape how GRC operates at scale and contribute to a collaborative, high-performing team culture that supports Roblox and the broader security organization.
This position is part of the Information Security team. This role will report to the GRC Manager.
You will:- Be a key contributor to the Governance, Risk, and Compliance team within the larger Information Security Organization.
- Partner with your GRC, Infosec and Engineering colleagues and support the design and implementation of a "risk first" governance function that is "right-sized" for Roblox.
- Identify opportunities to improve efficiency and effectiveness, designing tools and automations along the way to drive security and compliance by design.
- Write, revise, and manage our information security policies, standards, and procedures.
- Identify and assess information security risks. You will work with Information Security and Engineering colleagues to implement appropriate controls to mitigate identified risks. You will validate control design and effectiveness. You will support ongoing risk monitoring and reporting.
- Be a subject matter expert in the GRC space, providing education and guidance to others across the Roblox organization.
- Be a part of the Roblox community, living our values and securing the metaverse.
You have:- 4+ years of relevant professional experience in Security Governance, Risk and Compliance.
- Experience interfacing with software engineers to identify risks, map commitments to controls and develop relevant policies.
- Experience assessing adherence to policies and developing mitigation and remediation plans when gaps exist.
- Deep understanding of risk assessment, compliance frameworks, creation of policy, and how to educate organizations on these concepts.
- Understanding of security concepts and a broad range of security risks and controls.
- Experience in tech; however the need to actively code is not required for the role, just the ability to interface with Engineers and quickly establish credibility.
For roles that are based at our headquarters in San Mateo, CA: The starting base pay for this position is as shown below. The actual base pay is dependent upon a variety of job-related factors such as professional background, training, work experience, location, business needs and market demand. Therefore, in some circumstances, the actual salary could fall outside of this expected range. This pay range is subject to change and may be modified in the future. All full-time employees are also eligible for equity compensation and for benefits as described on
this page.
Annual Salary Range
$224,310-$271,710 USD
Roles that are based in an office are onsite Tuesday, Wednesday, and Thursday, with optional presence on Monday and Friday (unless otherwise noted).