GRC Director (Governance, Risk, and Compliance)

About the positionResponsibilities• Lead proactive, end-to-end compliance initiatives across the organization, driving adoption, operational excellence, and informed executive decision-making. • Build strong cross-functional collaboration with Research Ops, HR, Engineering, AI, Finance, and the Executive Team to embed privacy, security, and compliance into core operations. • Continuously monitor, assess, and report on compliance risks while providing strategic guidance and implementing effective controls to maintain program effectiveness.• Execute the necessary controls to procure and maintain agreed upon frameworks:Current Frameworks: GDPR, SOC 2 Type II, HIPAA, COPPAFuture Frameworks: ISO 27001, Other Global Privacy & Security Requirements• Serve as advisor to the executive team on determining which frameworks, security, privacy, and compliance needs to go after to drive business strategy forward and ultimately achieve company revenue goals• Effectively contribute to the reduction in sales cycle time by efficiently reviewing and completing infosec vendor onboarding requirements• Leverage and collaborate with Knit outside counsel when applicable to support vendor onboarding such as DPAs or other infosec requirements• Serve as the compliance owner for Knit’s dedicated, in-person office space in NYC, ensuring workplace operations meet applicable safety, security, privacy, and facilities-related regulatory requirements, and coordinating necessary policies, training, and audits with HR and Business Operations• Providing guidance to employees on compliance matters for both internal operations questions as well as customer-related questions• Writing and sending asynchronous annual compliance education to the organization• Conducting annual compliance requirementsRequirements• Proven Track Record of 5+ years of Security, Compliance & Privacy Leadership for US-based, B2B SaaS companies, including experience in international privacy in EMEA and APAC• Hands-on experience designing and maintaining compliance programs (e.g., ISO 27001, SOC 2, HIPAA) and acting as Data Protection Officer (DPO) or equivalent under GDPR/CCPA• Strong understanding of compliance, privacy, data security, and regulatory obligations for B2B SaaS companies serving Global Enterprise Customers• Track record of partnering with leadership and teams across product, security, finance, and operations to align compliance with business objectives.• Excellent communicator who can translate complex legal and regulatory requirements into practical, scalable processes. • Proficient in Drata• Highly independent and overcommunicative leader, who can distill complex challenges into clear communications to inform executive decision-making or drive their own decision-making• High level of integrity and ethical standards• Adaptability to rapidly changing business needs with the ability to overcommunicate and overdocument along the way• Extreme attention to detail and ability to manage multiple projects and stakeholders simultaneouslyNice-to-haves• Professional certifications like Certified Compliance and EthicsProfessional (CCEP) or Certified Regulatory Compliance Manager (CRCM) is a plus• Specialized knowledge in market research technology is a plusBenefits• competitive salary• Equity Options• Healthcare (medical, dental, and vision), and Additional Coverage• a company laptop and one-time, onboarding Technology Stipend• a 401(k) with company match• flexible time-off• hybrid working Apply tot his job