Director - Governance, Risk and Compliance

About The Position

Requirements

• Bachelor’s degree in information technology, Computer Science, or a related field.
• 15+ years of experience in information security focusing on governance, risk and compliance domains.
• Strong knowledge of IT risk assessment, IT General Controls, NIST framework, and other compliance frameworks.
• Hands-on experience with third-party risk management programs, encompassing vendor assessments, contract clauses, remediation tracking, and customer trust initiatives.
• In-depth understanding of application, endpoint, network, cloud and infrastructure security controls to validate control design and drive mitigation of identified gaps.
• Expertise in deploying and managing GRC and automation platforms, and effectively translating risk data into executive dashboards and meaningful KRIs/KPIs.
• Familiarity with AI tools and trends such as generative and agentic AI, with a willingness to creatively apply emerging technologies to address identified risks.
• Strong leadership and interpersonal skills, with the ability to coach and grow the GRC team, set clear objectives, and foster collaboration across functions and levels.
• Proven ability to partner with Legal, Procurement, Technology, Compliance, Product, and Engineering teams to integrate security policies and standards into business processes.
• US applicants must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Nice To Haves

• Master’s degree is preferred.
• Professional certifications like Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) are strongly preferred.

Responsibilities

• Develop and implement an Information Security GRC strategy, aligning with business objectives, risk tolerance, security frameworks, and regulatory requirements, providing both short-term and long-term roadmaps.
• Manage the lifecycle of security policies, standards, and procedures to comply with regulations and industry standards, including SOX, SOC2, ISO 27001, and DORA.
• Oversee the implementation and management of the Security GRC platform to enhance visibility into organizational risk and compliance, while providing actionable intelligence on vendor and customer-facing security posture.
• Lead and mature the third-party risk management and customer trust processes, including onboarding, risk assessments, audits, security documentation, and remediation efforts.
• Define and monitor key risk and compliance indicators (KRIs/KPIs), implementing continuous monitoring to ensure vendor performance, customer assurance, and policy adherence are in line with program effectiveness and accountability.
• Coordinate and support comprehensive technology audits and collaborate with external auditors to meet audit requirements and timelines, managing assessments of IT general controls and maintaining the enterprise cyber risk register.
• Foster a cyber-aware culture by implementing training programs, managing a Security Culture Framework, and building a high-performing GRC team through leadership, mentoring, and development.
• Partner with IT, security, and compliance teams to provide insights and guidance on risk mitigation strategies, control enhancements, and findings remediation, while communicating audit findings and recommendations to senior management.
• Prepare and present regular reports to the executive team on GRC posture and initiatives, leveraging automated audit tools and data analytics for improved audit efficiency and insights.

Benefits

• Mentorship and growth opportunities from senior employees.
• Career progression planning and a focus on career development, complete with dedicated time each month for conference attendance, online learning seminars, and networking.
• A robust social community dedicated to volunteerism, intramural sports, and team-building events.
• Business resource groups that align with our company value of "Always Inclusive," designed to foster a welcoming and supportive environment for all.