Director, Cybersecurity Governance, Risk and Compliance

DIRECTV
El Segundo, CA
$147,830 - $268,307
Remote

About The Position

The Director, Cybersecurity Governance, Risk and Compliance (GRC) is responsible for leading DIRECTV's enterprise cybersecurity governance, risk management, compliance, policy, and security assurance programs. This role provides strategic leadership and operational oversight across cybersecurity governance functions, ensuring cybersecurity risks are effectively managed, regulatory and contractual obligations are met, and cybersecurity initiatives align with business objectives. The Director serves as the primary leader for cybersecurity governance activities, executive cybersecurity reporting, risk management, compliance programs, security awareness initiatives, supplier security oversight, and security assurance testing programs. This position manages a team of cybersecurity professionals and contractors and serves as a key partner to technology, business, audit, legal, procurement, privacy, and executive leadership teams.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Business, Engineering, or related field.
  • 5 – 7 years of progressive cybersecurity experience required; 10+ years desired.
  • 5+ years of leadership experience managing cybersecurity programs and teams.
  • Deep knowledge of cybersecurity governance, risk management, compliance, and security frameworks.
  • Experience with PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, and risk management methodologies.
  • Experience presenting cybersecurity metrics and risk information to executive leadership.
  • Strong written and verbal communication skills.

Nice To Haves

  • CISSP, CISM, CRISC, CGEIT, PCI ISA, or equivalent certifications.
  • Experience leading enterprise cybersecurity governance programs.
  • Experience in telecommunications, media, technology, or highly regulated industries.
  • Experience building cybersecurity governance organizations during periods of transformation or separation activities.

Responsibilities

  • Lead the enterprise Cybersecurity Governance Program, including developing and maintaining KPIs, KRIs, scorecards, and executive reporting.
  • Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations, tracking cybersecurity initiatives, remediation activities, and strategic priorities.
  • Drive accountability for cybersecurity performance across the organization.
  • Lead enterprise cyber risk identification, assessment, reporting, and remediation programs, maintaining risk registers and treatment plans.
  • Facilitate risk reviews with business and technology stakeholders and present cybersecurity risk posture to senior leadership.
  • Own cybersecurity policies, standards, procedures, and governance frameworks, ensuring alignment with industry standards and regulatory requirements.
  • Maintain governance processes supporting cybersecurity decision-making.
  • Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements, coordinating internal and external audits.
  • Manage remediation efforts resulting from audit findings and assessments.
  • Maintain cybersecurity control documentation and evidence repositories.
  • Lead Supplier Information Security Requirement (SISR) governance and oversight, managing third-party cybersecurity risk assessments and monitoring.
  • Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance.
  • Lead enterprise cybersecurity awareness, training, and phishing simulation programs, establishing metrics to measure effectiveness and maturity.
  • Drive continuous improvement of employee cybersecurity culture.
  • Provide governance oversight of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Application Penetration Testing, Infrastructure Penetration Testing, and Vulnerability Assessment Programs.
  • Ensure testing results are tracked, reported, and remediated appropriately.
  • Lead and develop cybersecurity governance personnel and contractors.
  • Manage vendor and consulting relationships supporting GRC activities.
  • Establish goals, objectives, and performance measures for the organization.
  • Build a scalable governance function supporting DIRECTV's cybersecurity strategy.

Benefits

  • Market-competitive compensation
  • Bonus opportunities
  • Comprehensive benefits package