Director of IT Governance, Risk and Compliance

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field.
• Strong understanding of SOX, data privacy regulations, and technology compliance requirements.
• Ten or more (10+) years of progressive experience in IT risk management, IT audit, information security, or governance within financial services or a highly regulated industry.
• Deep expertise in IT risk frameworks, such as NIST, COBIT, ISO 27001, and regulatory environments.
• Proven experience managing regulatory exams and audit engagements.
• Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership.
• Demonstrated ability to lead complex risk programs and influence senior stakeholders, including executive leadership.
• Very strong analytical & problem-solving skills
• Successful candidates must pass pre-employment credit checks, background checks, and drug screens.

Nice To Haves

• Advanced degree preferred.
• Relevant certifications preferred (e.g., CISM, CRISC, CISSP, CISA)

Responsibilities

• Define And maintain the IT risk management framework, ensuring alignment with enterprise risk appetite and business strategy.
• Develop and execute a multi year IT risk maturity road map, including governance, controls, and reporting enhancements.
• Provide executive level and board reporting on IT risk posture, trends, and emerging threats.
• Establish and oversee IT governance structures, policies, standards, and procedures.
• Lead enterprise IT risk assessments, including infrastructure, applications, and security architecture reviews.
• Identify vulnerabilities, evaluate risk exposure, and ensure timely mitigation of identified issues.
• Oversee risk acceptance processes and provide escalation authority for material IT and security risks.
• Review and challenge risk decisions, ensuring consistency with organizational risk tolerance.
• Serve as primary point of contact for IT regulatory examinations and audits.
• Manage IT exam life cycle, including preparation, coordination, and response.
• Oversee tracking, reporting, and remediation of IT findings from regulators and internal/ external audits.
• Maintain comprehensive documentation of audits, findings, and corrective actions.
• Interpret and operationalize regulatory requirements related to IT systems, data protection, and information security to include SOX, data privacy laws, and financial regulations.
• Develop and implement strategies to ensure ongoing compliance with applicable laws and standards.
• Partner with legal and compliance teams to monitor regulatory changes and assess impact on IT controls.
• Provide oversight of IT risk associated with third party vendors, including material risk vendor reviews and escalations.
• Collaborate with vendor management teams to ensure adequate controls and risk mitigation strategies.
• Assess risks associated with new technologies, products, and services, ensuring appropriate governance and control implementation.
• Partner closely with information security to align on security controls, risk assessments, and remediation priorities.
• Work with business and technology stakeholders to embed risk management practices into day-to-day operations.
• Promote a strong risk-aware culture across the organization.