Director, Governance, Risk, & Compliance
About The Position
This position is responsible for leading the execution of Information Security governance, risk, and compliance programs; developing and maintaining the compliance framework; supporting compliance and attestation activities; oversight of security policy management, exceptions, subsidiary risk, and third-party risk management; facilitating the identification, reporting, management, and remediation of security risks; maintaining effective risk tracking and reporting processes; and identifying and recommending improvements to the organization’s security risk management controls. Support budget planning and resource allocation for GRC initiatives. Contribute to business cases supporting GRC investments. Provide input to investment and prioritization decisions.
Requirements
- Bachelors Degree and 10 years in Information Technology / Information Security or 14 years of experience Information Technology, Information Security, Risk, or Compliance disciplines
- 4-5 years in Management or Leadership experience
- Knowledge of project management
- Information Technology and security risk management
- Knowledge of regulatory and compliance standards and practices
- Understanding of information security principles and control frameworks
- Understanding of business priorities and technology capabilities
- Strong oral and written communication skills
- Strong analytical and problem-solving skills
- Experience with security standards, regulatory compliance tools, and platforms
- Knowledge of emerging technologies and associated risk implications
- System and technology integration concepts
- IT standards, procedures, and policies
- Applied governance and risk program execution
- Ability to influence stakeholders and execute within complex organizations
- Leadership—effectively leads teams and collaborates across functions
- Adaptability and ability to manage change
- Relationship management and conflict resolution skills
Nice To Haves
- Bachelor’s Degree in Computer Science, MIS, or related field
- Experience supporting subsidiary governance and/or third-party risk programs preferred
Responsibilities
- Leading the execution of Information Security governance, risk, and compliance programs
- Developing and maintaining the compliance framework
- Supporting compliance and attestation activities
- Oversight of security policy management, exceptions, subsidiary risk, and third-party risk management
- Facilitating the identification, reporting, management, and remediation of security risks
- Maintaining effective risk tracking and reporting processes
- Identifying and recommending improvements to the organization’s security risk management controls
- Support budget planning and resource allocation for GRC initiatives
- Contribute to business cases supporting GRC investments
- Provide input to investment and prioritization decisions
Benefits
- health and wellness benefits
- 401(k) savings plan
- pension plan
- paid time off
- paid parental leave
- disability insurance
- supplemental life insurance
- employee assistance program
- paid holidays
- tuition reimbursement
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
