Director, Cybersecurity Governance Risk and Compliance

About The Position

Requirements

• At least 10+ years’ experience in cybersecurity in one or more roles, including security analyst, compliance and regulations, risk management or audit.
• 5 or more years’ experience managing distributed team personnel.
• Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws such as, but not limited to PCI, SOX, HIPAA, HITRUST, and GDPR.
• Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls.
• Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence.
• Track record of delivering GRC projects under tight deadlines.
• Demonstrated experience conducting tabletop exercises for business continuity.
• Ability to motivate teammates to achieve excellence and willingly share knowledge.
• Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent.
• CISSP, CISM, CISA, CRISC, GSLC preferable, but not required.

Nice To Haves

• Advanced degree not required, but an MBA or master’s degree in information assurance/technology is preferred.
• Organized, efficient self-starter requiring minimal supervision.
• Understanding of service design, delivery concepts and control frameworks.
• Forward thinking with strong business acumen and flexibility.
• Highly focused on building and implementing a strong, cohesive team and security culture.
• Effective at stress management in a constantly changing environment.
• Outstanding written and verbal, business and cybersecurity communication skills.

Responsibilities

• In tandem with risk management and security, direct and conduct ongoing risk analysis organization-wide to uphold the GRC program.
• Lead a team dedicated to an ongoing security maturation program, where areas of strength are amplified and areas needing improvement are documented.
• Emphasize privacy, security, business resiliency and compliance frameworks.
• Direct the GRC team to document, communicate and enforce areas of security improvement that balance risk with business operations, as well as ensure controls are not weakening efficiencies or business innovation.
• Establish and maintain a strategy for managing security-related audits, compliance checks and external assessment processes for auditors, including but not limited to, Sarbanes-Oxley (SOX), Service Organization Controls (SOC) 2, California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI DSS), and other applicable industry standards.
• Facilitate IT compliance of identified controls – for example, IT general controls (ITGCs), application, cloud and cybersecurity.
• Oversee and ensure adequate protection of key information is maintained through data classification, data loss prevention (DLP) and enforcement of records retention requirements.
• Play a key role in the vendor risk assessment process and ensure all divisions follow and uphold process rigor.
• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Effectively communicate knowledge of GRC controls across business units with a focus on, but not limited to, company practices, procedures, third-party integrations, product development and financials.
• Focus on principles aligning with enterprise risk management fundamentals within security and technology teams to maintain up-to-date configuration documentation for systems and processes.
• Lead a team to provide rigorous oversight of security systems and security configuration administration that reduces risk to enterprise systems and accounts.
• Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
• Drive and govern disaster recovery and business continuity as they relate to security frameworks, compliance and privacy laws.
• Openly support management team and executive leadership, even during tumultuous times.
• Perform other duties as assigned.

Benefits

• Base pay range: $172,100 - $266,800
• Annual performance bonus
• Long term incentive (equity/stock)
• 401(k) with employer match
• Medical, dental, and vision insurance
• PTO, company holidays, and parental leave
• Paid Time Off/Paid Sick Leave: Applicants can expect to accrue 15 days of paid time off during their first year (4.62 hours for every 80 hours worked) and increased accruals after five years of service.
• Paid training and certifications
• Legal assistance and identity protection
• Pet insurance
• Employee assistance program (EAP)