Director, Governance, Risk & Compliance

About The Position

Requirements

• 15+ years working in governance, risk and compliance and/or information security and risk management with direct ownership of controls and audits
• Functional knowledge of CISSP security domains and information security industry standards and best practices
• Strong understanding of applicable security regulatory requirements such as SOX and GDPR, including IT general controls
• Functional knowledge of ISMS governance models and frameworks (e.g., ISO 27001, NIST CSF, CAIQ) and common security certifications (e.g., SOC 2, ISO 27017-18, ISO-42001)
• Demonstrated experience with controls definition, development, implementation, assessment, and risk management
• IT audit background with solid project management and organizational skills, able to work in a fast-paced, ambiguous environment while meeting objectives and deadlines
• Ability to communicate risk methodologies and security concepts clearly to business stakeholders with strong attention to detail, accuracy, integrity, security, and confidentiality
• GRC tooling experience (ServiceNow GRC, etc.)
• Bachelor’s degree in a relevant field (e.g., Computer Science, Information Systems, Engineering, Business) or equivalent practical experience

Nice To Haves

• familiarity with FedRAMP certifications is a plus

Responsibilities

• Lead and mature the enterprise GRC program across policy, education, risk, audit, certifications, SOX ITGC, and customer/vendor assurance, ensuring a consistent and effective control environment
• Own and continuously improve security policies and user education, including global phishing simulations, training content, and follow-up awareness campaigns
• Plan and run external and internal audits for SOC 2 and ISO certifications, coordinating engagements, evidence collection and remediation
• Drive SOX ITGC compliance together with Finance and IT, aligning controls, testing, and documenting to support public-company readiness
• Lead risk assessments using ISO and NIST frameworks, maintain risk registers and treatment plans, and report risk posture to leadership and the board
• Oversee customer security questionnaires, RFX support, and trust portal content so customers have timely, clear answers and self-service options
• Manage third-party and vendor risk for key SaaS and infrastructure providers, reviewing their SOC reports, findings, and remediation
• Implement and optimize GRC tooling (e.g., ServiceNow GRC) and automation, including AI, to streamline workflows, monitoring, and reporting
• Lead and mentor a distributed GRC team, building a collaborative, high-performing culture
• Partner with Security Operations, Architecture, Product, Engineering, Finance, and Legal to embed security and compliance into everyday processes and projects
• Define, track, and report metrics, dashboards, and audit/control status to leadership for transparency and decision-making
• Maintain thorough documentation of controls, tests, issues, and remediation to support internal and external auditors
• Drive continuous improvement of the control environment, including exception management, remediation tracking, and control monitoring

Benefits

• Comprehensive health coverage, generous PTO, and flexible work options
• Learning opportunities, career-mobility programs, and leadership workshops
• Sixteen paid volunteer hours each year, global employee resource groups, and a “No Jerks” policy that keeps collaboration healthy
• Modern offices with EV charging, healthy snacks (and the occasional cupcake), plus hackathons, game nights, and culture celebrations
• Charitable Giving Program supported by Company Match
• We practice pay transparency and reward performance. Offers reflect role location, internal equity, experience, skills, education, and certifications. Base salary for this position: $159,000 - $244,860 plus corporate bonus potential