Knit

Compensation

Full Description

Who we’re looking for… Title: GRC Director (Governance, Risk, and Compliance) Team: Compliance Reports To: CEO Supervisory Responsibility: This role does not currently have FTE direct reports. This role is expected to be the owner of any required compliance relationships, specifically with any external partners if/when applicable. Location: New York City or easy commute to in-office NYC multiple days per week. Knit is a New York, US-based company with a hybrid working policy with team members in the US and India. Our standard business operating hours are Monday - Friday 9am - 5pm EST. Travel: This role will not be expected to travel, with the exception of Knit’s All Team US Summit 1x/year. A little about us… Knit is the AI-native consumer research platform helping brands automate and accelerate primary research. With our Researcher-Driven AI, we’ve condensed the entire quant + qual research process from weeks into days (sometimes hours!) for 50+ enterprise brands — including Amazon, T-Mobile, Mars, NASCAR, and more. We’re on a mission to scale and democratize world-class research. From survey generation to stakeholder-ready reports, our platform is redefining how insights teams operate — and we need your help to push the limits of what’s possible. Overview Knit’s GRC Director (Governance, Risk, and Compliance) accelerates revenue by securing the privacy, security, and compliance foundations needed for Enterprise trust and faster deal cycles. It reduces organizational risk through strong certification management, audit readiness, and streamlined contract and security review processes. Ultimately, this leader enables Knit to scale responsibly and competitively while maintaining customer confidence and operational excellence. Responsibilities | What you will own… Success is measured by timely achievement of security certifications, efficient risk mitigation and contract execution, and strong privacy compliance that earns customer trust, reduces business friction, and contributes to revenue growth. Key performance indicators for this team & role: Compliance & Risk measured by: % completion of readiness tasks, % of controls implemented, and/or achieving/renewing agreed upon certification(s) by target date(s) Risk Register Management – % of identified risks with mitigation plans and owners; time to close high-severity risks Audit & Assessment Outcomes – Number of findings during internal/external audits and % resolved within agreed upon timelines Enterprise Onboarding Velocity measured by: Security Questionnaire Turnaround Time – Time from request to full execution, ultimately contributing to reduction in overall sales cycle time % of security/compliance questionnaires completed within SLA and without blocking deals Automation Velocity → % of forms completed automatically through AI tooling vs manual input Privacy & Data Protection measured by: Data Subject Request (DSR) SLA Compliance – % of data subject rights requests responded to within required timeframe Privacy Incident Response Time – Average time from detection to containment and notification (if required) Employee Privacy Training Completion – 100% of workforce trained annually on privacy and security practices Key responsibilities… Risk Mitigation & Compliance Leadership Lead proactive, end-to-end compliance initiatives across the organization, driving adoption, operational excellence, and informed executive decision-making. Build strong cross-functional collaboration with Research Ops, HR, Engineering, AI, Finance, and the Executive Team to embed privacy, security, and compliance into core operations. Continuously monitor, assess, and report on compliance risks while providing strategic guidance and implementing effective controls to maintain program effectiveness. Strategic Business Enablement by driving achievement in Net New Compliance Frameworks & Maintaining Existing Ones: Execute the necessary controls to procure and maintain agreed upon frameworks: Current Frameworks: GDPR, SOC 2 Type II, HIPAA, COPPA Future Frameworks: ISO 27001, Other Global Privacy & Security Requirements Serve as advisor to the executive team on determining which frameworks, security, privacy, and compliance needs to go after to drive business strategy forward and ultimately achieve company revenue goals Enterprise Customer & Vendor Onboarding Effectively contribute to the reduction in sales cycle time by efficiently reviewing and completing infosec vendor onboarding requirements Leverage and collaborate with Knit outside counsel when applicable to support vendor onboarding such as DPAs or other infosec requirements Office Compliance Lead: Serve as the compliance owner for Knit’s dedicated, in-person office space in NYC, ensuring workplace operations meet applicable safety, security, privacy, and facilities-related regulatory requirements, and coordinating necessary policies, training, and audits with HR and Business Operations Driving Internal Knit Team Education: Providing guidance to employees on compliance matters for both internal operations questions as well as customer-related questions Writing and sending asynchronous annual compliance education to the organization Conducting annual compliance requirements Required Skills & Experiences Proven Track Record of 5+ years of Security, Compliance & Privacy Leadership for US-based, B2B SaaS companies, including experience in international privacy in EMEA and APAC Hands-on experience designing and maintaining compliance programs (e.g., ISO 27001, SOC 2, HIPAA) and acting as Data Protection Officer (DPO) or equivalent under GDPR/CCPA Strong understanding of compliance, privacy, data security, and regulatory obligations for B2B SaaS companies serving Global Enterprise Customers Professional certifications like Certified Compliance and Ethics Professional (CCEP) or Certified Regulatory Compliance Manager (CRCM) is a plus Specialized knowledge in market research technology is a plus Proven Track Record of Strategic & Cross-Functional Collaboration Track record of partnering with leadership and teams across product, security, finance, and operations to align compliance with business objectives. Excellent communicator who can translate complex legal and regulatory requirements into practical, scalable processes. Proficient in Drata Highly independent and overcommunicative leader, who can distill complex challenges into clear communications to inform executive decision-making or drive their own decision-making High level of integrity and ethical standards Adaptability to rapidly changing business needs with the ability to overcommunicate and overdocument along the way Extreme attention to detail and ability to manage multiple projects and stakeholders simultaneously Benefits Upon joining the Knit team, you will receive a competitive salary, Equity Options, Healthcare (medical, dental, and vision), and Additional Coverage, a company laptop and one-time, onboarding Technology Stipend, a 401(k) with company match, flexible time-off, hybrid working, and more! Our Company Values We are the Championship Team. This means we: Are 1% better every day: We approach situations with a growth mindset and ask, “How can we make the business better?” and “What would it take?” Play to win: We set audacious goals and push ourselves to achieve them with a bias towards action (When we see a need, we take initiative, and hold ourselves accountable to seeing it through). Keep the main thing the main thing: Identify what has the biggest impact and prioritize to focus on it.