Director, Governance, Risk & Compliance

About The Position

Requirements

• Proven experience (6+ years) in a security leadership role with deep expertise in cybersecurity governance, risk management, and compliance
• Proven experience with regulatory frameworks (PCI DSS, SOC 2, ISO 27001, NIST, SOX)
• Experience in financial services, fintech, or highly regulated industries
• Demonstrated success in audit management and customer-facing security assessments
• Strong analytical and problem-solving capabilities with attention to detail
• Excellent written and verbal communication skills for technical and executive audiences
• Experience with GRC tools (OneTrust, ServiceNow, or similar platforms)
• Strong business acumen and ability to align security initiatives with business objectives
• Track record of cultivating relationships across teams, influencing decision making, and collaborating with stakeholders at all levels of the organization
• Proven ability to develop structure, advance execution, and measure performance within various and complex projects, teams, and environment
• Proactive and strategic mindset, with the ability to anticipate business needs of the cybersecurity organization and stakeholders
• A strong bias toward action and ability to operate proactively and effectively in a dynamic, fast-paced environment
• High ethical standards and a commitment to promoting a strong security culture
• One or more industry certifications: CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or equivalent

Nice To Haves

• Bachelor's or Master's degree in Computer Science, Information Security, or related field
• Experience with cloud security frameworks and third-party risk management
• Knowledge of M&A cybersecurity due diligence processes
• Experience in customer trust and sales enablement functions

Responsibilities

• Governance & Policy Management Develop, implement, and maintain cybersecurity policies, standards, and control frameworks aligned with industry regulations and business objectives
• Establish and operate cybersecurity governance models, steering committees, and approval processes
• Maintain unified control inventory and oversee validation activities with internal and external assessors
• Risk Management Design and execute comprehensive cybersecurity risk assessment frameworks and methodologies
• Manage risk treatment plans, remediation tracking, and escalation processes in alignment with enterprise risk management
• Provide risk advisory services and integrate findings into strategic cybersecurity planning
• Compliance & Audit Support Lead compliance readiness assessments and coordinate audit activities across multiple frameworks (PCI DSS, SOC 2, ISO 27001, etc.)
• Manage audit findings remediation and maintain compliance reporting for internal and external stakeholders
• Support legal and contract negotiations regarding cybersecurity requirements
• Third-Party & Customer Trust Oversee third-party cybersecurity risk assessments and vendor management processes
• Lead customer due diligence, security questionnaire responses, and Trust Center operations
• Support sales enablement through security documentation and customer audit facilitation

Benefits

• Multiple health insurance options
• Flexible time off – take what you need
• Retirement savings program with company contribution and after tax contributions
• Equity in a publicly-traded company and an Employee Stock Purchase Program
• Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
• Free therapy sessions, financial and professional coaching, and legal advice
• Monthly stipend to support our remote work model
• Annual “development dollars” to support our people growth and development
• Through Flex First, the freedom to live and work wherever you and your family thrive