Director, Governance, Risk & Compliance

Accommodations Plus International, Melville, NY
$160,000 - $190,000, Onsite

About The Position

The Director of Governance, Risk Management & Compliance (GRC) will lead API’s global IT and security GRC program, reporting to the CISO. This leader is accountable for the company’s cyber risk management framework, regulatory compliance posture, vendor risk program, and data governance strategy. Success in this role requires the ability to identify, evaluate, and communicate security risks — and to influence strategy across a diverse technology landscape that spans new platforms and legacy business-critical systems. This leader must balance rigorous risk management with business agility, positioning security as an enabler rather than an obstacle.

Requirements

  • 7–10+ years of experience in cybersecurity, spanning security analysis, compliance and regulatory affairs, risk management, or audit.
  • Demonstrated experience leading and managing GRC programs, including risk registers, remediation planning, and executive-level reporting.
  • Proven track record managing security audits and assessments for SOC 2, ISO 27001, GDPR, CCPA, and other standards; familiarity with PCI, HITRUST, and GLBA is a plus.
  • Hands-on experience with vendor and third-party risk management programs, including evaluation of cybersecurity and data protection controls.
  • Experience with incident response tracking, documentation, and reporting.
  • Proven ability to lead and influence across business units, translating complex risk concepts for both technical and non-technical audiences.
  • Strong understanding of IT general controls, cloud controls, and how they intersect with business operations.
  • Balances risk management with business efficiency — security controls should enable, not obstruct, business objectives.
  • Strong project management skills with the ability to manage multiple audits, assessments, and programs simultaneously.
  • High integrity and professionalism, with the confidence to represent the organization at the executive level.
  • Outstanding written and verbal communication skills, producing thorough documentation and presenting clearly to varied audiences.
  • Organized, efficient self-starter capable of operating with minimal supervision.
  • Bachelor’s degree, trade school certification, or equivalent professional experience required; Master’s degree desirable.

Nice To Haves

  • 2+ years of experience with AWS and/or Microsoft Azure cloud security configuration and management preferred.
  • Preferred certifications (not required): CISSP, CISM, CISA, CRISC, or GSLC.

Responsibilities

  • Lead organization-wide risk analysis, maintaining a risk register with documented remediation and mitigation plans.
  • Serve as the primary advisor on information security risks to security management and business unit leads.
  • Establish and own the strategy for managing security audits, compliance checks, and external assessments — including GDPR, SOC 2, ISO 27001, CCPA, and other applicable standards.
  • Liaise with internal and external auditors to implement and sustain required controls.
  • Build and manage a comprehensive vendor risk program, evaluating the cybersecurity and data protection controls of third parties, vendors, and business partners.
  • Drive ongoing security program improvement by amplifying areas of strength and developing actionable plans to address gaps.
  • Develop and report key metrics to security and business leadership.
  • Lead data governance and data protection programs, ensuring alignment with enterprise risk management principles and up-to-date documentation of systems and processes.
  • Facilitate IT compliance across identified controls, including IT general controls (ITGCs), application, cloud, and cybersecurity controls.
  • Document, communicate, and enforce security policies that balance risk with business operations.
  • Champion cybersecurity best practices across all business units to reduce the organization’s attack surface.
  • Oversee GRC-related incident response activities, tracking occurrences and resolutions with strict documentation and reporting protocols.
  • Manage the access review process to ensure appropriate access is consistently granted, maintained, and revoked.
  • Duties, responsibilities and activities may change at any time according to business needs.
  • Perform additional responsibilities if designated as a Data Protection Champion (DPC), Senior Information Risk Owner (SIRO) or Information Assurance Accounting Officer (IAAO).

Benefits

  • Accommodations Plus International is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, genetic information, arrest record, or any other characteristic protected by applicable federal, state or local laws. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities and general treatment during employment.