Governance, Risk & Compliance Lead at Whatnot (W20)
$240K - $320K
Whatnot is the largest livestream shopping platform in the U.S.
Los Angeles, CA, US / San Francisco, CA, US / New York, NY, US / Phoenix, AZ, US / Denver, CO, US / Seattle, WA, US / Remote (US)
11+ years
About Whatnot

Whatnot is a community marketplace where you can safely buy, sell, go live and build a community with other like-minded people.

We got our start offering a buying and selling experience to collectors of Funko Pops and Pokemon cards. We became the leading marketplace for those communities and have found success launching into categories like sports cards, NFTs, and vintage fashion.

In July of 2022, we raised $260 million in a Series D funding round, bringing our valuation to $3.7 billion, a 2.5x increase since our $1.5 billion valuation in September of 2021.

Our mission is to enable anyone to turn their passion into a business and bring people together through commerce. We enable anyone to connect, transact and build a business in one place -- Whatnot is bringing the in-person retail experience online.

About the role

🚀 Whatnot

Whatnot is a livestream shopping platform and marketplace backed by Andreessen Horowitz, Y Combinator, and CapitalG. We’re building the future of ecommerce, bringing together community, shopping and entertainment. We are committed to our values, and as a remote-first team, we operate out of hubs within the US, Canada, UK, and Germany today.

We’re innovating in the fast-paced world of live auctions in categories including sports, fashion, video games, and streetwear. The platform couples rigorous seller vetting with a focus on community to create a welcoming space for buyers and sellers to share their passions with others.

And, we’re growing. Whatnot has been the fastest growing marketplace in the US over the past two years and we’re hiring forward-thinking problem solvers across all functional areas.

💻 Role

The successful candidate will be responsible for developing and managing a comprehensive security governance, risk, and compliance program.

- Evaluate existing security policies and procedures and recommend improvements.
- Ensure compliance with security standards, such as ISO 27001, NIST 800-53, PCI and GDPR/CCPA.
- Create and maintain security awareness and training programs.
- Conduct security risk assessments and develop risk mitigation plans.
- Own security program reporting, metrics and dashboards for presentations to senior-level leadership in the areas of security governance, risk management, security awareness, and third-party risk management.

👋 You

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact go a long way here.

As our GRC Lead you should have 8+ years of relevant experience in security governance, risk, and compliance, preferably in a large enterprise environment, plus:

- A Bachelor’s degree in Computer Science, Information Security, or a related field.
- Deep knowledge of security best practices and industry standards, such as ISO 27001, SOC 2, NIST 800-53, PCI and GDPR/CCPA.
- Experience in supporting complex third-party audit projects in a cloud-centric environment, with a strong aptitude to understand emerging technologies to assure regulatory and compliance requirements are met.
- Excellent written communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation and effectiveness of cybersecurity controls with product and business leaders.


For US-based applicants: $240,000/year to $320,000/year + benefits + stock options

The salary range may be inclusive of several levels that would be applicable to the position. Final salary will be based on a number of factors, including level, relevant prior experience, skills and expertise. This range is only inclusive of base salary, not benefits (more details below) or equity in the form of stock options.

🎁 Benefits

- Flexible Time off Policy and Company-wide Holidays (including a spring and winter break)
- Health Insurance options including Medical, Dental, Vision
- Work From Home Support
  - $1,000 home office setup allowance
  - $150 monthly allowance for cell phone and internet
- Care benefits
  - $450 monthly allowance on food
  - $500 monthly allowance for wellness
  - $5,000 annual allowance towards Childcare
  - $20,000 lifetime benefit for family planning, such as adoption or fertility expenses
- Retirement; 401k offering for Traditional and Roth accounts in the US (employer match up to 4% of base salary) and Pension plans internationally
- Parental Leave
  - 16 weeks of paid parental leave + one month gradual return to work

*Company leave allowances run concurrently with country leave requirements, which take precedence.


Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.


Infrastructure: AWS, Kubernetes, Serverless

Databases: Postgres, DynamoDB, ElasticSearch, Redis

Backend: Python (Flask), Node, Elixir

Front-End: React, GraphQL, Swift, Kotlin
