Senior Director, Global Head of GRC

About Us:

 

Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.

How We Work:

At Proofpoint you’ll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values: 

Bold in how we dream and innovate

Responsive to feedback, challenges and opportunities

Accountable for results and best in class outcomes

Visionary in future focused problem-solving

Exceptional in execution and impact

Senior Director, Global Head of GRC

Location: Sunnyvale, CA
Department: Information Security
Reports To: Chief Information Security Officer (CISO)

Company Overview

Proofpoint is a global leader in human- and agent-centric cybersecurity, securing how people, data and AI agents connect across email, cloud and collaboration tools. Proofpoint is a trusted partner to over 80 of the Fortune 100, over 10,000 large enterprises, and millions of smaller organizations in stopping threats, preventing data loss, and building resilience across people and AI workflows. Proofpoint’s collaboration and data security platform helps organizations of all sizes protect and empower their people while embracing AI securely and confidently.

Role Overview

The Senior Director, Global Head of GRC owns Proofpoint’s global trust strategy—defining how the company manages risk, achieves regulatory compliance, and enables secure growth across commercial, public sector, and defense markets.

Reporting to the CISO, this role is accountable for building and scaling a modern, business-aligned GRC function that transforms compliance into a strategic advantage—accelerating market access, strengthening customer trust, and supporting Proofpoint’s expansion into highly regulated environments.

As the global leader for GRC, you will drive enterprise-wide visibility into risk and compliance posture, aligning security, engineering, legal, and go-to-market teams around a unified framework that supports innovation in cloud, data security, and AI-driven products.

Key Responsibilities

Strategic Leadership & Trust Ownership

• Define and execute Proofpoint’s global GRC and trust strategy, aligned with business growth, product innovation, and market expansion.
• Serve as the global functional head of GRC, with end-to-end accountability for governance, risk management, compliance, and security assurance.
• Position compliance as a business enabler, directly supporting revenue growth, customer acquisition, and entry into regulated markets.
• Establish a unified control framework that scales across products, cloud platforms, and geographies while reducing audit friction and duplication.

Market Access & Regulatory Strategy

• Lead compliance strategy supporting expansion into U.S. public sector and defense markets, including FedRAMP (Moderate/High) and CMMC Level 2.
• Enable international growth through alignment with regional frameworks (e.g., IRAP, ISMAP, ENS, BSI C5, TISAX, ACN).
• Partner with go-to-market teams to leverage certifications and regulatory posture as a competitive differentiator in customer engagements.
• Act as a strategic advisor on regulatory requirements impacting product strategy, cloud deployments, and data residency.

Global Compliance & Certification Programs

• Own end-to-end delivery of global audits, certifications, and regulatory engagements.
• Ensure successful execution and continuous maturity across key frameworks:
  • ISO 27001 / ISO 42001
  • SOC 2 Type II
  • FedRAMP (Moderate/High)
  • CMMC Level 2
  • PCI DSS
  • Regional frameworks (IRAP, ISMAP, ENS, BSI C5, TISAX, ACN, etc.)
• Drive continuous compliance through automation, control optimization, and integration into engineering and operational workflows.
• Embed compliance requirements into product and cloud architecture in partnership with Engineering and Product teams.

Risk Management & Governance

• Own and mature enterprise risk management (ERM), including risk identification, quantification, prioritization, and executive reporting.
• Establish governance structures that provide clear accountability and real-time visibility into enterprise risk posture.
• Align risk appetite with business objectives in partnership with executive leadership.
• Oversee third-party risk management and supply chain security programs.

Operational Excellence & Assurance

• Define KPIs and metrics to measure GRC program effectiveness, control maturity, and business impact.
• Drive audit readiness, control effectiveness, and enterprise-wide remediation programs.
• Enhance GRC tooling, automation, and data visibility to support scalable, efficient compliance operations.
• Deliver clear, actionable reporting to executive leadership and the Board on risk and compliance posture.

Innovation & Emerging Risk

• Lead Proofpoint’s approach to AI governance (ISO 42001) and emerging regulatory requirements for AI and agentic systems.
• Stay ahead of global regulatory trends, translating complexity into actionable strategies and competitive advantage.
• Advance modern GRC practices, including continuous controls monitoring and integrated risk platforms.

Leadership & Executive Presence

• Build, lead, and mentor a high-performing global GRC organization.
• Serve as an executive-facing leader, engaging with senior leadership, customers, auditors, and regulators.
• Represent Proofpoint’s trust, risk, and compliance posture in strategic customer and partner engagements.
• Champion a culture of accountability, transparency, and business-aligned risk management across the company.

Qualifications

• Education: Bachelor’s or Master’s degree in Cybersecurity, Risk Management, Business, or related field.
• Experience: 12+ years in security, risk, or compliance, with 5–7+ years in senior leadership roles.
• Proven experience leading global GRC functions in SaaS, cloud, or highly regulated environments.
• Deep expertise across major frameworks (ISO, SOC, FedRAMP, PCI) and U.S. public sector / defense compliance (CMMC).
• Demonstrated success using compliance programs to enable business growth and market expansion.
• Strong background in enterprise risk management, control frameworks, and audit execution.
• Relevant certifications (e.g., CISSP, CISM, CRISC, CISA) preferred.

Preferred Attributes

• Experience in cybersecurity or SaaS industry.
• Executive presence with the ability to translate regulatory complexity into business strategy.
• Strategic, risk-based mindset focused on enablement—not just control enforcement.
• Proven ability to operate in complex, fast-scaling, and highly matrixed environments.
• Track record of building and leading high-performing global teams.
• Passion for strengthening customer trust while enabling innovation and growth.

Why Proofpoint?

At Proofpoint, we believe that an exceptional career experience includes a comprehensive compensation and benefits package. Here are just a few reasons you’ll love working with us:

• Competitive compensation

• Comprehensive benefits

• Career success on your terms

• Flexible work environment

• Annual wellness and community outreach days

• Always on recognition for your contributions

• Global collaboration and networking opportunities

 

Our Culture:

Our culture is rooted in values that inspire belonging, empower purpose and drive success-every day, for everyone.

We encourage applications from individuals of all backgrounds, experiences, and perspectives. If you need accommodation during the application or interview process, please reach out to accessibility@proofpoint.com.

 

How to Apply

Interested? Submit your application along with any supporting information- we can’t wait to hear from you!

Consistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable compensation and/or equity. We offer a competitive benefits package, including flexible time off, a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year, plus a three-week Work from Anywhere option.

Base Pay Ranges:

SF Bay Area, New York City Metro Area:

Base Pay Range: 245,400.00 - 337,370.00 USD

California (excludes SF Bay Area), Colorado, Connecticut, Illinois, Washington DC Metro, Maryland, Massachusetts, New Jersey, Texas, Washington, Virginia, and Alaska:

Base Pay Range: 197,100.00 - 271,040.00 USD

All other cities and states excluding those listed above:

Base Pay Range: 177,500.00 - 244,090.00 USD