Director, Governance, Risk & Compliance

About The Position

Requirements

• 15+ years of experience in governance, risk, and compliance and/or information security and risk management, with direct ownership of controls, audits, and enterprise compliance programs
• Functional knowledge of CISSP security domains and information security industry standards and best practices; CISSP preferred
• Strong understanding of applicable security regulatory requirements such as SOX and GDPR, including IT general controls
• Functional knowledge of ISMS governance models and frameworks such as ISO 27001, NIST CSF, and CAIQ, as well as common security certifications such as SOC 2, ISO 27017/27018, and ISO 42001
• Demonstrated experience defining, developing, implementing, assessing, and scaling controls and risk management programs, with a strong track record of leading automation initiatives and applying AI to accelerate GRC processes
• Proven ability to evaluate manual processes, design more efficient operating models, and implement automation that improves quality, consistency, and team capacity
• Hands-on experience with GRC platforms and workflow tooling such as ServiceNow GRC, AuditBoard, or similar solutions, including configuration and optimization of automated workflows, automatic evidence gathering, gen-AI tooling, and reporting
• IT audit background with strong project management and organizational skills; able to work in a fast-paced, ambiguous environment while meeting objectives and deadlines
• Ability to communicate risk methodologies, compliance priorities, and security concepts clearly to business stakeholders, with strong attention to detail, accuracy, integrity, security, and confidentiality
• Bachelor’s degree in a relevant field such as Computer Science, Information Systems, Engineering, or Business, or equivalent practical experience; familiarity with FedRAMP certifications is a plus

Nice To Haves

• CISSP preferred
• familiarity with FedRAMP certifications is a plus

Responsibilities

• Lead and mature the enterprise GRC program across policy, risk, audit, certifications, SOX ITGC, and customer/vendor assurance, ensuring a scalable and effective control environment
• Own the GRC automation strategy and roadmap, designing workflow automation, AI‑enabled processes, and continuous control monitoring that reduce manual effort and improve control quality and transparency
• Oversee security policy, user education, phishing simulations, and awareness programs, using automation to strengthen engagement and follow-through
• Lead internal and external audits for SOC 2 and ISO certifications, coordinating evidence collection, remediation, and stakeholder alignment
• Drive SOX ITGC compliance with Finance and IT, aligning controls, testing, documentation, and automation to support public-company readiness
• Lead enterprise risk assessments using ISO and NIST frameworks, maintaining risk registers, treatment plans, and scalable reporting processes
• Manage customer trust activities, including security questionnaires, RFX support, trust portal content, and third-party risk for key vendors and providers
• Implement and optimize GRC tooling such as ServiceNow GRC and AuditBoard to support integrated workflows, control mapping, metrics, and executive visibility
• Lead and mentor a distributed GRC team while partnering cross-functionally to embed security, compliance, and scalable control practices across the business
• Drive continuous improvement through strong documentation, metrics, exception management, remediation tracking, and expanded use of AI and automation across GRC operations

Benefits

• Comprehensive health coverage, generous PTO, and flexible work options
• Learning opportunities, career-mobility programs, and leadership workshops
• Sixteen paid volunteer hours each year, global employee resource groups, and a “No Jerks” policy that keeps collaboration healthy
• Modern offices with EV charging, healthy snacks (and the occasional cupcake), plus hackathons, game nights, and culture celebrations
• Charitable Giving Program supported by Company Match
• pay transparency
• reward performance
• corporate bonus potential