About The Position

The Director, Governance, Risk & Compliance (GRC) is a key leader within the organization responsible for driving governance, oversight and assurance activities that strengthen Atomic’s overall security and compliance posture. This role provides independent challenge, transparency, and strategic guidance to ensure risk is effectively managed and security practices align with customer and regulatory expectations and industry standards. This leader will oversee the Compliance team, advancing capabilities in policy governance, IT/IS and third-party risk assessments, program testing and security awareness. The Director will partner closely with internal teams to align risk management practices, enhance program maturity and deliver meaningful reporting to executive leadership.

Requirements

  • Bachelor’s or Master’s degree in Information Security, Cybersecurity, Computer Science, Management Information Systems, or a related field, or related experience.
  • 5+ years of experience in Information Security.
  • 1+ year of direct people management experience, including managing performance, coaching and developing personnel.
  • 3+ years working with security and risk frameworks such as PCI DSS, NIST, ISO, CIS, etc.
  • 3+ years of hands-on experience in control testing methodologies, risk assessments, and/or security audits and assessments.
  • Strong knowledge of security frameworks (PCI DSS, NIST CSF, ISO 27001, etc.).
  • A professional certification such as CISSP, CISM, CRISC, or CISA is a plus.
  • Strategic thinker with a proactive and solutions-oriented approach.
  • Proven ability to influence senior stakeholders and partner with engineering and technology teams.
  • Effective communication and leadership skills.

Nice To Haves

  • Financial services or highly regulated industry experience is a plus.

Responsibilities

  • Provide direction, coaching and development for the Compliance team to ensure effective execution of security governance, risk and compliance activities.
  • Draft, maintain and evolve policies, standards, and procedures to align with industry best practices, regulatory requirements, and business needs.
  • Serve as a primary contact for PCI DSS, SOC 2, NIST, and security- and compliance-related customer and prospect audits and assessments.
  • Coordinate security program testing, control validations, and independent assessments to validate program effectiveness and compliance with frameworks such as NIST CSF and PCI DSS, overseeing timely tracking, remediation and reporting of control gaps.
  • Oversee annual enterprise risk assessments, security reviews, business impact analyses, business continuity/incident response tabletops, and critical service provider assessments, ensuring identification, tracking and remediation of risks.
  • Drive continuous improvement of GRC processes, tools and methodologies to enhance program maturity.
  • Partner with business units to strengthen a multifaceted security, privacy and compliance awareness program, fostering a culture of shared responsibility for information security, privacy and compliance.
  • Develop, track, and report meaningful metrics and key risk indicators (KRIs) for Executive Leadership.
  • Collaborate with Human Resources, Engineering, IT and other internal teams to ensure alignment of security practices across the enterprise.
  • Work with internal teams to track and verify remediation of issues identified during testing, ensuring timely and effective resolution and reporting.
  • Provide guidance to the company on emerging risks, industry trends, and regulatory expectations to influence security strategy and business decisions.
  • Perform other functions as assigned.

Benefits

  • Innovative work environment.
  • Transparent company culture.
  • Customer-centric approach.
  • Fun team activities.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Bachelor's degree

Number of Employees

51-100 employees

© 2024 Teal Labs, Inc