Job Specifications
About Faire
Faire is an online wholesale marketplace built on the belief that the future is local — independent retailers around the globe are doing more revenue than Walmart and Amazon combined, but individually, they are small compared to these massive entities. At Faire, we're using the power of tech, data, and machine learning to connect this thriving community of entrepreneurs across the globe. Picture your favorite boutique in town — we help them discover the best products from around the world to sell in their stores. With the right tools and insights, we believe that we can level the playing field so that small businesses everywhere can compete with these big box and e-commerce giants.
By supporting the growth of independent businesses, Faire is driving positive economic impact in local communities, globally. We’re looking for smart, resourceful and passionate people to join us as we power the shop local movement. If you believe in community, come join ours.
About The Role
As Faire’s inaugural GRC Lead, you will be responsible for designing, implementing, and scaling our governance, risk, and compliance program from the ground up. This role blends strategic planning with hands-on execution to establish the frameworks, processes, and controls that strengthen our security, privacy, and compliance posture.
You will work closely with teams across engineering, IT, legal, and finance to integrate risk management into everyday operations, ensure alignment with regulatory and industry standards, and support Faire’s evolving business and product needs.
In addition to building the core GRC program, you will lead our preparation for SOX ITGC readiness by collaborating with internal partners and external auditors to define scope, document controls, and enhance our audit processes. This role is ideal for someone who enjoys building programs from the ground up, can navigate both technical and compliance challenges, and is eager to shape how Faire manages risk at scale.
What You’ll Do
Formulate and drive GRC roadmap, policies, vendor security reviews, and employee awareness training.
An opportunity to expand into the SOX ITGC program
Develop and maintain a robust governance framework to support Faire’s strategic objectives and ensure alignment with industry best practices.
Ensure adherence to applicable laws, regulations, and standards (e.g. CCPA / GDPR).
Develop and deliver GRC training programs for employees to promote a culture of accountability and awareness.
Partner with external auditors to achieve security compliance certifications and reports.
Regularly report on status, operational metrics and KPI’s, providing transparency to company leadership and internal stakeholder teams.
Drive compliance certifications including ISO 27001, CCPA, GDPR, and SOC2 Type II.
What It Takes
8+ years in the Security & IT Governance, Risk, and Compliance space
Big 4 experience with security risk and compliance audits, or equivalent experience leading security compliance teams in financial services, technology firms, or other regulated industries.
Hungry to expand outside typical GRC scope, assisting with SOX ITGCs.
Experience in building policies and processes, and completing audits within following frameworks: ISO 27001, SOC2 Type II
Proficiency with GRC tools and technologies used to manage risk and compliance programs
Ability to collaborate cross-functionally, including engineering, sales, legal, finance, and other teams.
Strong oral and written communication skills.
Strong analytical and result-driven mindset.
Salary Range
California: the pay range for this role is $178,000 to $245,000 per year.
This role will also be eligible for equity and benefits. Actual base pay will be determined based on permissible factors such as transferable skills, work experience, market demands, and primary work location. The base pay range provided is subject to change and may be modified in the future.
Hybrid Faire employees currently go into the office 2 days per week on Tuesdays and Thursdays. Effective starting in January 2026, employees will be expected to go into the office on a third flex day of their choosing (Monday, Wednesday, or Friday). Additionally, hybrid in-office roles will have the flexibility to work remotely up to 4 weeks per year. Specific Workplace and Information Technology positions may require onsite attendance 5 days per week as will be indicated in the job posting.
Applications for this position will be accepted for a minimum of 30 days from the posting date.
Why you’ll love working at Faire
We are entrepreneurs: Faire is being built for entrepreneurs, by entrepreneurs. We believe entrepreneurship is a calling and our mission is to empower entrepreneurs to chase their dreams. Every member of our team is taking part in the founding process.
We are using technology and data to level the playing field: We are leveraging the power of product innovation and machine learning to connect brands and boutiques