Cybersecurity GRC Product Owner (Associate Director)

About The Position

Requirements

• 10 plus years of experience as a product owner or in a similar role within Cybersecurity GRC and Privacy.
• Experience leading enterprise AI Security & Governance program, defining key cybersecurity controls for AI/ML systems and partnering with Security Engineering, Privacy, and Legal to ensure responsible, secure AI adoption.
• Experience directing and developing high‑performing Cyber GRC function, driving scalable governance processes and enabling secure AI innovation across the organization.
• (People Management is required)
• Knowledge of security and privacy frameworks and regulations, including ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS, and GDPR.
• Advanced understanding of information security concepts, including cloud security, compliance, access controls, and disaster recovery.
• Proven ability to coordinate cross-functional teams and stakeholders globally to achieve operational goals and deliver technology initiatives.
• Track record of mentoring and managing teams of experienced technologists, setting clear priorities to achieve organizational goals.
• Hands-on experience in software development with a focus on cybersecurity outcomes and leadership in information security and risk management.
• Strategic planning and roadmap development skills to implement strategic plans and manage product roadmaps.
• Strong communication and leadership abilities to guide and inspire teams, along with expertise in risk management, privacy, data security, and incident response.

Nice To Haves

• Relevant industry certifications such as CISSP, CISA, CISM, or CRISC are preferred.
• Experience with IT GRC tools (e.g., ServiceNow IRM, OneTrust) and developing successful risk management programs.

Responsibilities

• Develop and maintain the security governance framework, policies, and procedures aligned with industry standards and best practices.
• Ensure that the organization adheres to established governance guidelines.
• Ensure AI capabilities are governed, secure, explainable, compliant, and human ‑ accountable, while delivering measurable risk and efficiency outcomes without increasing regulatory or data exposure.
• Collaborate with the business, IT Infrastructure and Applications leaders to implement and enforce standards and control objectives throughout the organization.
• Identify, assess, and prioritize security risks related to assets, systems, and data.
• Define security improvements to resolve or mitigate security findings or otherwise enhance security posture to achieve compliance with all security initiatives.
• Implement risk mitigation strategies and controls to minimize exposure to threats and vulnerabilities.
• Conduct regular security risk assessments and provide recommendations for remediation actions.
• Evaluate and manage security risks associated with third-party vendors and service providers.
• Overseeing audits, penetration tests, and forensic investigations, ensuring that findings are comprehensively understood and effectively remediated.
• Establish and maintain an effective compliance framework aligned with applicable laws, regulations, and global industry standards.
• Ensure compliance with regulatory mandates and reporting requirements.
• Oversee internal and external audits, addressing findings and implementing corrective actions.
• Enforce standards of multiple security frameworks, including SOX, PCI, and Global Privacy regulations (e.g., CCPA, GDPR)
• Ensure AI capabilities meet regulatory and compliance expectations by understanding applicable AI, privacy, and sector ‑ specific regulations (e.g., EU AI Act) and mapping AI use cases to established control frameworks (SOX, ISO 27001, SOC 2, NIST, and privacy requirements)
• Drive strategy for the Human Risk Management Program
• Lead educational initiatives to promote a culture of risk awareness and compliance among employees and third parties.
• Address the unique threats and risks specific to the organization’s business and technological environment.
• Collaborate with executive leadership and internal stakeholders to align security initiatives with business objectives.
• Serve as the main liaison for business units and functions, ensuring cybersecurity risks are effectively identified, assessed, and managed.
• Engage with external stakeholders, including regulators, partners, and vendors, on GRC matters.
• Build and nurture a high-performing team, fostering professional growth and ensuring the team is equipped to meet organizational goals.
• Develop and maintain a comprehensive cybersecurity architecture and roadmap in alignment with GRC/Privacy organizational standards.
• Keep abreast of the latest cybersecurity trends, threat landscapes, and technologies, recommending and implementing appropriate strategies and solutions.
• Foster a culture of continuous improvement and innovation within the product team, constantly seeking opportunities for enhancement and optimization.
• Define the overall product roadmap and collaborate with teams to develop and execute a backlog that aligns with group priorities.