Director, Information Security Governance

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Risk Management, Business, Accounting, Legal Studies, or related field (or equivalent experience)
• Experience building or operating a control library/control governance program in a regulated environment (financial services preferred), including rationalization, ownership models, traceability, and documentation standards
• Strong knowledge of information security governance and control frameworks (e.g., NIST 800-53, ISO 27001) and how to translate requirements into clear control expectations and evidence standards
• Program discipline: build repeatable processes, manage to SLAs, maintain clean trackers, and drive closure across multiple concurrent priorities
• Strong partnership skills with Legal, Compliance, Risk, Internal Audit, and technology teams, including navigating sensitive topics, driving approvals, and aligning to enterprise positions
• Excellent writing and editing skills; able to produce clear, durable governance artifacts (policies, standards, narratives, mappings, and test scripts) usable by practitioners and defensible under review
• Strong judgment and attention to detail; comfortable operating with ambiguity, deadlines, and high scrutiny while maintaining sound governance
• Ability to influence without authority, driving timely decisions and action from distributed owners

Nice To Haves

• Experience with financial services regulatory frameworks and expectations (e.g., NYDFS 23 NYCRR 500, FFIEC, SOC 1/2, ISO 27001), and translating requirements into evidence and narratives
• Experience improving control and policy governance through process standardization and GRC tooling (e.g., control libraries, mapping taxonomies, workflow/approvals, reporting) and driving measurable reductions in duplication and rework
• Relevant industry certifications: CISA, CISM, CISSP, etc.

Responsibilities

• Own the operating model for the Information Security control library (taxonomy, metadata, ownership, workflow, and quality gates) in partnership with Risk and key stakeholders.
• Map Information Security policies, standards, and procedures to the control library and maintain end-to-end traceability.
• Manage the full lifecycle for Information Security policies, standards, and procedures (intake, review, approvals, publication, exceptions/waivers alignment, periodic refresh, and retirement).
• Maintain the control inventory and generic control records in the GRC platform, including new control creation, narrative upkeep, and rationalization of duplicates.
• Develop and maintain control narratives that describe intent, design, operation, and evidence expectations for prioritized controls.
• Partner with Risk and assurance teams to define reusable test procedures and scripts, including standard evidence specs and opportunities for automation.
• Implement quality checks and periodic attestations (completeness, accuracy, mapping integrity, currency, and ownership) and drive remediation with control owners.
• Improve how requirements and controls are consumed: publish plain-language guidance, FAQs, and audience-specific views for engineers, operators, and leaders.
• Support framework alignment by validating mappings to industry frameworks (e.g., NIST SP 800-53) and recommending updates as needs and best practices evolve.
• Advise on control testing and RCSA maturation, including recommended KPIs/metrics, reporting, and combined assurance opportunities.
• Continuously improve governance processes, templates, and tooling to increase consistency, adoption, and auditability.

Benefits

• Market competitive base salaries, with a yearly bonus potential at every level.
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
• 401(k) plan with company match (up to 4%).
• Company-funded pension plan.
• Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.