Director of Governance, Risk and Compliance

About The Position

Requirements

• Bachelor’s degree in management information systems, IT audit, cybersecurity or related degree program is required
• Minimum of 7+ years of experience in information security, IT risk management, compliance, or related GRC disciplines.
• Certification is required in a relevant area (e.g., CISA, CRISC, CISM).
• Demonstrated leadership experience building or scaling enterprise GRC programs.
• Experience with industry regulations (e.g., HIPAA, GDPR, CCPA), GovRAMP/FedRAMP, NIST standards (NIST 800-53), ISO 27001 certifications, SOC 2 reporting and security assessments, and leading frameworks such as AICPA Trust Services Criteria.
• Strong understanding of privacy regulations and experience with operational privacy work (data mapping and flow diagramming, DPIAs, data governance).
• Strong technical skills in cybersecurity, controls and AWS security audits; Big Four experience a plus.
• Excellent communication, presentation and negotiation skills, with the ability to influence internal and external stakeholders and write policies and controls documentation.
• Exceptional organizational and program management skills with a keen attention to detail.
• Ability to thrive in a fast-paced environment with competing priorities and deadlines.
• Ability to manage complex, cross-functional projects with internal and external stakeholders.

Responsibilities

• Develop and lead the enterprise Governance, Risk and Compliance (GRC) program to ensure effective alignment between business objectives, risk management and regulatory compliance requirements.
• Provide hands-on leadership for AI and security governance, cybersecurity controls (SOC 2, ISO 27001, GovRAMP/FedRAMP, CMMC, NIST 800-53, CJIS, PCI), data privacy and regulatory compliance (EU AI Act, GDPR, CCPA, PIPEDA, HIPAA).
• Partner with technology and business leaders to assess AI, technology and security risks, and ensure appropriate controls are designed, implemented, tested and operating effectively.
• Collaborate with ITS, Development and other departments to lead IT, security and business resiliency policy creation, maintenance, communication, training and enforcement across the enterprise.
• Safeguard Laserfiche information in accordance with Laserfiche Information Security Policies.
• Own and lead compliance and certification programs (SOC 2, ISO 27001, ISO 42001, ISO 9001, GovRAMP/FedRAMP, CCMC) that are aligned to industry standards and regulatory frameworks.
• Manage and conduct internal audits, risk assessments, third-party and vendor risk management assessments.
• Coordinate control self-assessments, remediation and risk treatment plans.
• Manage and update control matrices and risk registers; ensure controls are mapped to relevant frameworks and operating effectively.
• Manage continuous controls monitoring and risk reporting provided to external and internal stakeholders.
• Partner with Legal, ITS, Development, People and other organizations to operationalize privacy requirements.
• Oversee and perform data mapping and data inventory activities, ensuring accurate organizational understanding of data flows, risks and controls.
• Collaborate with Legal and other departments on performing DPIA/PIAs and other compliance initiatives.
• Lead the business continuity management program, including performing an annual business impact analysis (BIA), developing, testing and updating BCPs, and providing organizational training in collaboration with L&D.
• Coordinate with ITS on DR planning and testing, and working with executive stakeholders on updating and testing crisis management plans (CMP).
• Collaborate with Sales, ITS, Development and Legal on sales enablement initiatives including responding to RFPs and customer questionnaires on security controls, data privacy, AI, BCM, DR and CMP.
• Serve as a subject matter expert on internal controls and security, and collaborate with Product Strategy, Development and ITS on product enhancements, features and security capabilities.
• Monitor Laserfiche security controls and compliance with customer contractual requirements.

Benefits

• Generous time off:
• 15 Days of Vacation
• 3 Floating Holidays
• 2 Paid Volunteer Days
• 9 Paid Holidays
• Hybrid Work Environment
• Free Parking: covered and EV charging stations
• Various 401 (k) Investment Options and Generous Company Match
• HMO and PPO Medical Care Options