GRC Director (Governance, Risk, and Compliance)

About the position Responsibilities • Lead proactive, end-to-end compliance initiatives across the organization, driving adoption, operational excellence, and informed executive decision-making. • Build strong cross-functional collaboration with Research Ops, HR, Engineering, AI, Finance, and the Executive Team to embed privacy, security, and compliance into core operations. • Continuously monitor, assess, and report on compliance risks while providing strategic guidance and implementing effective controls to maintain program effectiveness. • Execute the necessary controls to procure and maintain agreed upon frameworks: Current Frameworks: GDPR, SOC 2 Type II, HIPAA, COPPA Future Frameworks: ISO 27001, Other Global Privacy & Security Requirements • Serve as advisor to the executive team on determining which frameworks, security, privacy, and compliance needs to go after to drive business strategy forward and ultimately achieve company revenue goals • Effectively contribute to the reduction in sales cycle time by efficiently reviewing and completing infosec vendor onboarding requirements • Leverage and collaborate with Knit outside counsel when applicable to support vendor onboarding such as DPAs or other infosec requirements • Serve as the compliance owner for Knit’s dedicated, in-person office space in NYC, ensuring workplace operations meet applicable safety, security, privacy, and facilities-related regulatory requirements, and coordinating necessary policies, training, and audits with HR and Business Operations • Providing guidance to employees on compliance matters for both internal operations questions as well as customer-related questions • Writing and sending asynchronous annual compliance education to the organization • Conducting annual compliance requirements Requirements • Proven Track Record of 5+ years of Security, Compliance & Privacy Leadership for US-based, B2B SaaS companies, including experience in international privacy in EMEA and APAC • Hands-on experience designing and maintaining compliance programs (e.g., ISO 27001, SOC 2, HIPAA) and acting as Data Protection Officer (DPO) or equivalent under GDPR/CCPA • Strong understanding of compliance, privacy, data security, and regulatory obligations for B2B SaaS companies serving Global Enterprise Customers • Track record of partnering with leadership and teams across product, security, finance, and operations to align compliance with business objectives. • Excellent communicator who can translate complex legal and regulatory requirements into practical, scalable processes. • Proficient in Drata • Highly independent and overcommunicative leader, who can distill complex challenges into clear communications to inform executive decision-making or drive their own decision-making • High level of integrity and ethical standards • Adaptability to rapidly changing business needs with the ability to overcommunicate and overdocument along the way • Extreme attention to detail and ability to manage multiple projects and stakeholders simultaneously Nice-to-haves • Professional certifications like Certified Compliance and Ethics Professional (CCEP) or Certified Regulatory Compliance Manager (CRCM) is a plus • Specialized knowledge in market research technology is a plus Benefits • competitive salary • Equity Options • Healthcare (medical, dental, and vision), and Additional Coverage • a company laptop and one-time, onboarding Technology Stipend • a 401(k) with company match • flexible time-off • hybrid working Apply tot his job Apply tot his job