Cybersecurity Governance, Risk & Compliance Lead

Clorox, Pleasanton, CA
Hybrid (posted 1d ago)

About The Position

We are seeking a highly skilled and motivated Cybersecurity Governance, Risk & Compliance (GRC) Lead. This position reports to the Cyber GRC, Privacy, Data Security, and Application Security Product Owner. The mission of this position is to support and improve the company’s cybersecurity program, focusing on driving improvements in cyber risk management related to sensitive data, systems, third-party vendors, and cloud environments (at a minimum). In this role, the individual will work with cross-functional business units as a trusted security advisor to address cyber risks; ensure compliance with security policies and standards, relevant regulatory requirements, and cybersecurity controls; and advise business and technology leaders so that informed risk management decisions are made. This individual must understand cyber risks and technologies and communicate them effectively to the business. The ideal candidate is deadline-driven, detail-oriented, and an excellent communicator, with in-depth knowledge of the cybersecurity industry and cyber risk management best practices, and has a track record of effectively communicating complex and/or technical information both in writing and verbally.

Requirements

  • 6+ years of using risk assessment methods and procedures
  • 6+ years of tracking, monitoring, and reporting risk
  • 6+ years of governance, risk & compliance experience
  • Cybersecurity risk management function including third party cyber risk
  • Cybersecurity controls management
  • Controls testing and automation
  • Governance risk and compliance management
  • Experience with cybersecurity risk frameworks (NIST CSF/RMF, ISO 27001/27002, SOC 1/2/3) and global privacy regulations (e.g., CCPA, GDPR)
  • Experience with AI/ML risk management frameworks (e.g., NIST AI RMF, ISO/IEC 42001).
  • Understanding of AI‑specific threat vectors (model poisoning, prompt injection, data leakage via LLMs).
  • Familiarity with evaluating AI vendors for responsible AI, privacy, and security posture.
  • Experience in drafting security policies and standards
  • Experience in using/supporting the ServiceNow Integrated Risk Management module (or a related GRC platform)

Nice To Haves

  • Cyber risk certifications (CISA, CISM, CRISC, CISSP) are a plus

Responsibilities

  • Assess cyber risks related to vendors, systems and services associated with technology and operational projects.
  • Evaluate AI‑enabled services offered by critical vendors for model security, training data governance, and exposure to model manipulation attacks.
  • Ensure cloud AI services align with the NIST, ISO, SOC 2, GDPR, and CCPA frameworks referenced above.
  • Support day-to-day operations by identifying potential areas of cybersecurity compliance risks and ensuring appropriate escalation and coordination of effective corrective actions.
  • Collaborate with various technical and non-technical teams to evaluate the effectiveness of security controls, identify and categorize risks, provide improvement recommendations, and communicate outcomes of those activities.
  • Assist in process improvement initiatives and the development/implementation of team metrics
  • Educate teams across the organization on cyber risk and governance methodologies for maintaining a secure enterprise and meeting regulatory compliance requirements.
  • Facilitate the development of security policies and standards.
  • Collaborate with internal subject matter experts to ensure policies,
  • Lead interactions with Internal Audit, manage relevant regulatory requirements, assist in the development of management responses, and track and monitor remediation progress until closure.
  • Challenge the first line of defense, validate the required assessments and attestations (PCI, SOX, GDPR, CCPA), report on compliance internally, and provide guidance on compliance as necessary.
  • Provide oversight of identifying, classifying, remediating, and mitigating vulnerabilities and the policy exception request process.
  • Communicate emerging issues, potential risks, and audit results to key stakeholders, assist in the review, and formulate responses to issues and findings from all sources.
  • Develop metrics and reports that provide management visibility into the current cyber risk and compliance posture and trends.
  • Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with security policies and best practices.
  • Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure, and applications.
  • Build relationships with senior leaders to accelerate the adoption of compliance and security initiatives.

Benefits

  • Comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates’ unique needs. This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits (including half-day summer Fridays depending on location), inclusive fertility/adoption benefits, and more.
© 2024 Teal Labs, Inc