Director, IT Governance, Risk & Compliance (GRC)

Mission Critical Group
Remote

About The Position

Mission Critical Group (MCG) is seeking a Director, IT Governance, Risk & Compliance (GRC) to develop and maintain the enterprise IT GRC strategy, framework, and roadmap. This role involves establishing governance structures, policies, standards, and procedures for IT and cybersecurity, and presenting risk, compliance, and governance updates to executive leadership and governance committees. The Director will align IT risk management initiatives with business objectives, drive continuous improvement of governance and control processes, lead enterprise IT risk assessments and treatment programs, and identify, assess, monitor, and report technology and cybersecurity risks. The position also includes managing compliance with various regulations and frameworks, serving as a liaison for auditors, and fostering a culture of security and accountability. Additionally, the Director will build, mentor, and lead IT GRC professionals, establish departmental goals, manage budgets, and promote collaboration across various departments.

Requirements

  • Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Risk Management, Business Administration, or related field.
  • 10+ years of progressive IT, cybersecurity, audit, risk, or compliance experience.
  • 5+ years in a leadership or management role.
  • Experience leading enterprise GRC programs.
  • Demonstrated experience with regulatory compliance and security frameworks.
  • Experience working with executive leadership and audit committees.
  • Enterprise Risk Management (ERM)
  • IT Governance Frameworks
  • Cybersecurity Risk Assessment Methodologies
  • Audit and Control Testing
  • Third-Party Risk Management
  • Policy Development and Management
  • Security and Compliance Monitoring Tools
  • Governance, Risk & Compliance Platforms (Archer, ServiceNow GRC, OneTrust, AuditBoard, LogicGate, etc.)
  • Metrics, Reporting, and Executive Dashboard Development
  • Strategic Thinking
  • Executive Communication
  • Cross-Functional Collaboration
  • Program Management
  • Change Management
  • Decision-Making Under Risk
  • Team Development and Coaching
  • Stakeholder Relationship Management

Nice To Haves

  • Master's degree preferred.
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CGEIT (Certified in Governance of Enterprise IT)
  • CISA (Certified Information Systems Auditor)
  • ISO 27001 Lead Auditor or Lead Implementer

Responsibilities

  • Develop and maintain the enterprise IT GRC strategy, framework, and roadmap.
  • Establish governance structures, policies, standards, and procedures for IT and cybersecurity.
  • Present risk, compliance, and governance updates to executive leadership and governance committees.
  • Align IT risk management initiatives with business objectives and organizational priorities.
  • Drive continuous improvement of governance and control processes.
  • Lead enterprise IT risk assessments and risk treatment programs.
  • Identify, assess, monitor, and report technology and cybersecurity risks.
  • Maintain IT risk registers and oversee remediation efforts.
  • Facilitate third-party/vendor risk management programs.
  • Develop key risk indicators (KRIs) and risk reporting metrics.
  • Ensure compliance with applicable regulations and frameworks such as NIST Cybersecurity Framework (CSF), NIST 800-53, ISO 27001, SOC 1 / SOC 2, PCI-DSS, HIPAA, GDPR, SOX IT General Controls (ITGC), CIS Controls.
  • Manage compliance assessments, audits, and certification activities.
  • Track regulatory changes and evaluate organizational impact.
  • Coordinate remediation plans for compliance findings.
  • Serve as the primary liaison for internal and external auditors.
  • Develop and maintain IT control frameworks and documentation.
  • Oversee testing of IT General Controls (ITGCs) and security controls.
  • Monitor corrective actions resulting from audits and assessments.
  • Ensure evidence collection and audit readiness across IT functions.
  • Collaborate with cybersecurity leadership on security governance initiatives.
  • Support security awareness and policy compliance programs.
  • Measure control effectiveness through metrics and reporting.
  • Participate in incident response reviews and post-incident risk assessments.
  • Promote a culture of security and accountability throughout the organization.
  • Build, mentor, and lead IT GRC professionals.
  • Establish departmental goals, KPIs, and performance metrics.
  • Manage GRC budgets, vendors, and consulting engagements.
  • Foster collaboration among IT, Security, Legal, Privacy, Internal Audit, and business units.
© 2026 Teal Labs, Inc