Associate Director, IT Risk & Compliance

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Systems, or a related field.
• 8+ years of experience in information security and risk management roles, with at least 5 years in a leadership position.
• Proven experience in developing and implementing enterprise-wide risk management frameworks.
• Strong understanding of industry best practices, regulatory requirements (e.g., SOX, HIPAA, GDPR), and emerging threats.
• Experience with risk assessment methodologies, including threat modeling, vulnerability scanning, and penetration testing.
• Excellent analytical and problem-solving skills.
• Strong leadership and mentoring skills.

Nice To Haves

• Strong communication and presentation skills, with the ability to effectively communicate complex technical information to both technical and non-technical audiences.
• Ability to work independently and as part of a team.
• Experience with GRC tools and technologies a plus.
• Relevant industry certifications (e.g., CISSP, CISM, CRISC) preferred.

Responsibilities

• Manage and mentor a team of risk analysts and security professionals.
• Develop and maintain a comprehensive Enterprise IS/IT Risk Management framework, including risk assessments, threat modeling, and vulnerability management.
• Conduct regular risk assessments across the organization, including business impact analyses (BIA) and threat and vulnerability assessments (TVAs).
• Oversee the implementation of risk mitigation controls and monitor their effectiveness.
• Develop and maintain key risk indicators and key performance indicators (KPIs) to track and measure risk levels.
• Advise senior management on risk-related decisions and provide recommendations for improving the company's overall security posture.
• Stay abreast of emerging threats and vulnerabilities and advise on appropriate countermeasures.
• Collaborate with internal and external stakeholders, including IT, legal, compliance, and business units.
• Ensure compliance with relevant industry regulations and standards.
• Participate in incident response activities and post-mortem analysis.
• Develop and deliver presentations and reports to senior management and the Board of Directors.
• Ensure compliance with applicable laws, regulations, and industry standards.
• Develop and maintain IT policies, procedures, and standards.
• Conduct internal and external audits to assess compliance.
• Manage relationships with external auditors and regulatory bodies.
• Stay abreast of changes in regulatory requirements and industry best practices.
• Demonstrate a commitment to diversity, equity, and inclusion through continuous development, modeling inclusive behaviors, and proactively managing bias.

Benefits

• Competitive salaries and benefits.
• Diversity, Equity & Inclusion initiatives.
• Reasonable accommodation for employees with disabilities.