Senior Director, Global Head of GRC

About Us:

Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people data and AI agents connect across email cloud and collaboration tools. Over 80 of the Fortunelarge enterprises and millions of smaller organizations trust Proofpoint to stop threats prevent data loss and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.

How We Work:

At Proofpoint youll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values:

Bold in how we dream and innovate

Responsive to feedback challenges and opportunities

Accountable for results and best in class outcomes

Visionary in future focused problem-solving

Exceptional in execution and impact

Senior Director Global Head of GRC

Location: Sunnyvale CA
Department: Information Security
Reports To: Chief Information Security Officer (CISO)

Company Overview

Proofpoint is a global leader in human- and agent-centric cybersecurity securing how people data and AI agents connect across email cloud and collaboration tools. Proofpoint is a trusted partner to over 80 of the Fortune 100 over 10000 large enterprises and millions of smaller organizations in stopping threats preventing data loss and building resilience across people and AI workflows. Proofpoints collaboration and data security platform helps organizations of all sizes protect and empower their people while embracing AI securely and confidently.

Role Overview

The Senior Director Global Head of GRC owns Proofpoints global trust strategydefining how the company manages risk achieves regulatory compliance and enables secure growth across commercial public sector and defense markets.

Reporting to the CISO this role is accountable for building and scaling a modern business-aligned GRC function that transforms compliance into a strategic advantageaccelerating market access strengthening customer trust and supporting Proofpoints expansion into highly regulated environments.

As the global leader for GRC you will drive enterprise-wide visibility into risk and compliance posture aligning security engineering legal and go-to-market teams around a unified framework that supports innovation in cloud data security and AI-driven products.

Key Responsibilities

Strategic Leadership & Trust Ownership

• Define and execute Proofpoints global GRC and trust strategy aligned with business growth product innovation and market expansion.
• Serve as the global functional head of GRC with end-to-end accountability for governance risk management compliance and security assurance.
• Position compliance as a business enabler directly supporting revenue growth customer acquisition and entry into regulated markets.
• Establish a unified control framework that scales across products cloud platforms and geographies while reducing audit friction and duplication.

Market Access & Regulatory Strategy

• Lead compliance strategy supporting expansion into U.S. public sector and defense markets including FedRAMP (Moderate/High) and CMMC Level 2.
• Enable international growth through alignment with regional frameworks (e.g. IRAP ISMAP ENS BSI C5 TISAX ACN).
• Partner with go-to-market teams to leverage certifications and regulatory posture as a competitive differentiator in customer engagements.
• Act as a strategic advisor on regulatory requirements impacting product strategy cloud deployments and data residency.

Global Compliance & Certification Programs

• Own end-to-end delivery of global audits certifications and regulatory engagements.
• Ensure successful execution and continuous maturity across key frameworks:
  • ISO 27001 / ISO 42001
  • SOC 2 Type II
  • FedRAMP (Moderate/High)
  • CMMC Level 2
  • PCI DSS
  • Regional frameworks (IRAP ISMAP ENS BSI C5 TISAX ACN etc.)
• Drive continuous compliance through automation control optimization and integration into engineering and operational workflows.
• Embed compliance requirements into product and cloud architecture in partnership with Engineering and Product teams.

Risk Management & Governance

• Own and mature enterprise risk management (ERM) including risk identification quantification prioritization and executive reporting.
• Establish governance structures that provide clear accountability and real-time visibility into enterprise risk posture.
• Align risk appetite with business objectives in partnership with executive leadership.
• Oversee third-party risk management and supply chain security programs.

Operational Excellence & Assurance

• Define KPIs and metrics to measure GRC program effectiveness control maturity and business impact.
• Drive audit readiness control effectiveness and enterprise-wide remediation programs.
• Enhance GRC tooling automation and data visibility to support scalable efficient compliance operations.
• Deliver clear actionable reporting to executive leadership and the Board on risk and compliance posture.

Innovation & Emerging Risk

• Lead Proofpoints approach to AI governance (ISO 42001) and emerging regulatory requirements for AI and agentic systems.
• Stay ahead of global regulatory trends translating complexity into actionable strategies and competitive advantage.
• Advance modern GRC practices including continuous controls monitoring and integrated risk platforms.

Leadership & Executive Presence

• Build lead and mentor a high-performing global GRC organization.
• Serve as an executive-facing leader engaging with senior leadership customers auditors and regulators.
• Represent Proofpoints trust risk and compliance posture in strategic customer and partner engagements.
• Champion a culture of accountability transparency and business-aligned risk management across the company.

Qualifications

• Education: Bachelors or Masters degree in Cybersecurity Risk Management Business or related field.
• Experience: 12 years in security risk or compliance with 57 years in senior leadership roles.
• Proven experience leading global GRC functions in SaaS cloud or highly regulated environments.
• Deep expertise across major frameworks (ISO SOC FedRAMP PCI) and U.S. public sector / defense compliance (CMMC).
• Demonstrated success using compliance programs to enable business growth and market expansion.
• Strong background in enterprise risk management control frameworks and audit execution.
• Relevant certifications (e.g. CISSP CISM CRISC CISA) preferred.

Preferred Attributes

• Experience in cybersecurity or SaaS industry.
• Executive presence with the ability to translate regulatory complexity into business strategy.
• Strategic risk-based mindset focused on enablementnot just control enforcement.
• Proven ability to operate in complex fast-scaling and highly matrixed environments.
• Track record of building and leading high-performing global teams.
• Passion for strengthening customer trust while enabling innovation and growth.

Why Proofpoint

At Proofpoint we believe that an exceptional career experience includes a comprehensive compensation and benefits package. Here are just a few reasons youll love working with us:

• Competitive compensation

• Comprehensive benefits

• Career success on your terms

• Flexible work environment

• Annual wellness and community outreach days

• Always on recognition for your contributions

• Global collaboration and networking opportunities

Our Culture:

Our culture is rooted in values that inspire belonging empower purpose and drive success-every day for everyone.

We encourage applications from individuals of all backgrounds experiences and perspectives. If you need accommodation during the application or interview process please reach out to .

How to Apply

Interested Submit your application along with any supporting information- we cant wait to hear from you!

Consistent with Proofpoint values and applicable law we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge skills and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable compensation and/or equity. We offer a competitive benefits package including flexible time off a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year plus a three-week Work from Anywhere option.

Base Pay Ranges:

SF Bay Area New York City Metro Area:

California (excludes SF Bay Area) Colorado Connecticut Illinois Washington DC Metro Maryland Massachusetts New Jersey Texas Washington Virginia and Alaska:

All other cities and states excluding those listed above: