Director, Governance, Risk, & Compliance (GRC)

About The Position

Requirements

• 10+ years of experience in cybersecurity governance, risk management, compliance, or assurance.
• 5+ years leading enterprise-scale GRC programs or teams.
• Demonstrated experience supporting executive and board-level risk discussions.

Nice To Haves

• Strong executive communication and stakeholder management skills.
• Professional certifications such as CISSP, CISM, CRISC, or CISA.
• Experience with modern GRC platforms, automation, analytics, and AI-augmented GRC workflows.
• Experience applying AI responsibly in areas such as risk assessment, control testing, evidence management, or continuous monitoring.
• Experience with connected products, cloud platforms, or regulated technology environments.
• Experience operating in global or multi-jurisdiction organizations.
• Builder mindset with the ability to modernize and scale GRC capabilities.
• Business-oriented, risk-based decision-maker with strong judgment and integrity.
• Comfortable operating with board-level visibility and accountability.
• Able to influence executives, engineers, and partners with equal credibility.
• Pragmatic, structured, and execution-focused leadership style.

Responsibilities

• Define and maintain the enterprise cybersecurity governance framework, including decision rights, escalation paths, and exception handling.
• Own the cybersecurity policy, standards, and exception lifecycle across enterprise and product environments.
• Ensure clear ownership and accountability for security controls, compliance obligations, and accepted risks.
• Serve as a senior advisor to the CISO and executive leadership on governance decisions and material risk trade-offs.
• Own the cybersecurity risk management framework, including risk taxonomy, scoring methodology, appetite, and acceptance thresholds.
• Maintain the enterprise risk register and an integrated portfolio view of cyber risk across enterprise, product, and third-party domains.
• Provide leadership with an aggregate, decision-ready risk posture to support prioritization, investment planning, and risk acceptance.
• Lead risk assessments for enterprise IT, cloud platforms, connected products, and critical suppliers.
• Ensure risk acceptance decisions are well-documented, time-bound, reviewed, and auditable.
• Lead preparation of cybersecurity risk materials for executive leadership, board committees, and full board briefings.
• Translate technical and operational cyber risk into business impact, financial exposure, and strategic implications.
• Support the CISO in board-level discussions related to cyber risk posture, trends, and material risk decisions.
• Lead enterprise and product cybersecurity compliance programs aligned to regulatory, statutory, and customer requirements.
• Translate regulatory obligations into pragmatic, enforceable control expectations embedded into business and engineering workflows.
• Partner with Product Security and Engineering to integrate security-by-design and compliance into product development lifecycles.
• Monitor emerging regulations and contractual obligations and define readiness roadmaps that minimize disruption to delivery.
• Own security audit, customer assurance, and certification readiness across enterprise and product environments.
• Establish an always-audit-ready operating model with defined control ownership, evidence standards, and testing cadence.
• Oversee remediation of audit findings and control gaps using durable, sustainable solutions.
• Provide executive visibility into audit status, findings, trends, and remediation progress.
• Support third-party and supply-chain cybersecurity risk governance, including vendor onboarding, assessments, and ongoing oversight.
• Define risk-based tiering, minimum security requirements, and escalation thresholds for suppliers.
• Partner with Finance, Legal, and Risk Management to support cyber insurance underwriting, renewals, and claims.
• Provide risk data, metrics, and control evidence required to support cyber insurance placement and renewal activities.
• Define and maintain key risk indicators (KRIs), compliance metrics, and portfolio-level reporting.
• Use automation, analytics, and AI-enabled capabilities to improve risk signal quality and reduce manual effort.
• Continuously optimize GRC processes to improve efficiency, decision speed, and risk transparency.
• Partner with HR and Security Leadership to reinforce governance and risk expectations through role-based training.
• Drive consistent adoption of governance practices across IT, engineering, and product organizations.

Benefits

• Join a team that truly values work life integration and balance where your well being comes first.
• Grow your career while diving into cutting edge technologies and continuous learning opportunities.
• Help shape innovative IoT and control solutions that influence the everyday lives of millions.
• Channel your curiosity and passion for discovery while exploring new possibilities and bringing forward bold use cases that help us pioneer the future.