Director Governance Risk and Compliance

Advance Stores Company
Raleigh, NC
Hybrid

About The Position

The Director of Governance and Risk will report to the CISO within Advance Auto Parts and will focus on defining and deploying governance and risk management frameworks across Advance Auto Parts. The Director of Governance and Risk will oversee cybersecurity policy, standards, procedures, and compliance, as well as internal and third-party risk management, ensuring the company adheres to relevant regulations and industry standards. The ideal candidate will combine expertise in both cybersecurity and risk management disciplines and have exceptional communication and stakeholder management skills. This position is 4 days in office, 1 day remote per week, based at our corporate headquarters in Raleigh, North Carolina (North Hills).

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related field
  • Minimum of 12 years of experience in cybersecurity, with a focus on risk management
  • Expert in the implementation and operational management of OneTrust, with working knowledge of ServiceNow and AuditBoard
  • Process driven with an extensive knowledge of cyber risk management frameworks, tools, and methodologies
  • Mastery of the ability to “tell a story” through PowerPoint, leveraging metrics and creativity for various levels of the enterprise (Board, ERM, Steerco, business and/or tech leaders)
  • Proven experience in senior leadership roles, managing teams, and influencing executive stakeholders, driving outcomes
  • Experience in establishing and managing regulatory compliance in NIST, PCI-DSS, SOX, SOC 1/2, CCPA, HIPAA
  • Deep understanding of meaningful cybersecurity metrics programs and risk/risk posture reporting
  • Strategic thinker with a strong understanding of cyber risks, vulnerabilities, and risk mitigation options
  • Innovative thinker, adaptable to change, self-driven, aggressive, and detail oriented, with the ability to establish true partnerships that drive business enablement while managing risk
  • Exceptional communication and executive level presentation skills, capable of translating technical risk into business terms
  • Must have the ability to drive enterprise-aligned roadmaps focusing on top cyber risks, cyber priorities, and industry threats that align to the business
  • Excellent analytical, problem-solving, and decision-making skills

Nice To Haves

  • Master’s degree preferred

Responsibilities

  • Develop a comprehensive short-term and long-term Governance and Risk Management Strategy
  • Develop, communicate, and implement enterprise-wide security policy, standards, procedures, and guidelines
  • Provide strategic guidance to the CISO for the representation of risks to the Board, Audit committee, and ERM
  • Lead a team of cyber specialists, providing direction and supporting their development
  • Conduct regular risk assessments, including PCI-DSS and SOX, and develop comprehensive risk management plans for various business units and projects
  • Support Internal Audit with engagements requiring technology support
  • Vendor Risk Management (VRM): Oversee the VRM integration, including risk reviews, contract management, and ongoing monitoring to manage risks associated with third-party vendors and suppliers
  • Support the identification, evaluation, and prioritization of cyber risks across the organization
  • Oversee production, reporting and evolution of cyber risk metrics, including Key Performance Indicators (KPIs), scorecards, and Key Risk Indicators (KRIs)
  • Conduct risk analysis, providing insights on issues and direction on risk mitigation strategies
  • Drive automation, analytics, and continuous improvement of processes
  • Engage with a range of senior stakeholders across Lines of Defense to ensure appropriate oversight and reporting of cybersecurity risks and vulnerabilities
  • Collaborate with cross-functional teams on cyber risk remediation activities
  • Ensure regulatory compliance with frameworks including NIST, SOC 1 and 2, PCI, SOX, and CCPA
  • Maintain the database and reporting platform to ensure compliance with our security policies and standards