Director, Cybersecurity GRC

Caliber Collision, Lewisville, TX
Onsite

About The Position

The Cybersecurity Governance, Risk, and Compliance (GRC) Director is a senior leadership role responsible for establishing, maturing, and overseeing the enterprise cybersecurity GRC program. This role provides strategic direction and governance for cybersecurity risk management, regulatory compliance, and internal control assurance across the organization’s technology environment. The Director partners closely with executive leadership, Internal Audit, Legal, Privacy, and business stakeholders to ensure cybersecurity risks are identified, measured, managed, and communicated in alignment with the organization’s risk appetite and regulatory obligations.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Risk Management, or a related field.
  • 8–12 years of progressive experience in cybersecurity risk management, compliance, audit, or GRC functions.
  • Minimum of 5 years in a senior leadership role with responsibility for enterprise-level programs and people leadership.
  • Deep expertise in cybersecurity governance frameworks, regulatory requirements, and control environments.
  • Demonstrated experience building or transforming cybersecurity GRC programs within complex, multi-site or regulated environments.
  • Proven ability to engage effectively with executive leadership, auditors, and regulators.
  • Strong analytical, communication, and influencing skills, with the ability to translate technical risk into business impact.
  • Hands-on experience with enterprise GRC platforms such as ServiceNow GRC, LogicGate, Drata, or similar solutions.
  • Must be eligible to work in the U.S. with no restrictions.

Nice To Haves

  • Advanced degree and/or professional certifications strongly preferred, including CISA, CISM, CISSP, CRISC, GRCP, or equivalent.

Responsibilities

  • Define and execute the enterprise cybersecurity GRC strategy, roadmap, and maturity model aligned to business objectives and regulatory expectations.
  • Establish governance structures, policies, and standards that support consistent cybersecurity risk management and compliance across the organization.
  • Serve as the executive subject matter expert for cybersecurity risk, compliance, and control frameworks (e.g., NIST CSF, ISO 27001, PCI DSS, privacy regulations).
  • Lead enterprise cybersecurity risk assessments, risk prioritization, and remediation oversight, including emerging threat and regulatory risk analysis.
  • Own the design, implementation, and continuous improvement of cybersecurity policies, standards, procedures, and control frameworks.
  • Oversee compliance efforts related to regulatory, contractual, and industry obligations, including audit readiness, evidence management, and remediation tracking.
  • Act as the primary liaison for cybersecurity GRC matters during internal audits, external audits, regulatory reviews, and third-party assessments.
  • Provide regular reporting to executive leadership and governance committees on cybersecurity risk posture, compliance status, key risk indicators (KRIs), and program performance.
  • Partner with the CISO and Technology leadership to define cybersecurity risk appetite and integrate risk considerations into strategic initiatives.
  • Collaborate with the CISO to build and run a Cyber Risk Steering Committee that integrates cybersecurity risk governance into the enterprise risk management framework.
  • Lead, mentor, and develop a high-performing GRC team, fostering accountability, continuous improvement, and a culture of risk awareness.
  • Influence and coordinate cybersecurity risk management activities across Technology, Security, Legal, Privacy, Internal Audit, and business units.
  • Own the evaluation, selection, implementation, and optimization of enterprise GRC tools to drive automation, consistency, and executive-level reporting.
  • Support due diligence activities related to mergers, acquisitions, and strategic partnerships from a cybersecurity risk and compliance perspective.
  • Provide strategic leadership and direction for the cybersecurity GRC function, balancing risk reduction with business enablement.
  • Establish measurable program goals, KPIs, and KRIs to demonstrate risk reduction and compliance effectiveness over time.
  • Ensure clear accountability for risk ownership and remediation across Technology and business stakeholders.
  • Coach and develop team members, building a scalable and resilient cybersecurity GRC capability.

Benefits

  • This role offers an opportunity to lead and mature a critical cybersecurity function with high executive visibility and impact.
© 2026 Teal Labs, Inc