About The Position

The Governance and IT Compliance Platform Lead is responsible for the strategic ownership, governance, and operational oversight of the organization's Governance, Risk, and Compliance (GRC) platforms. This role ensures that security, risk, compliance, and audit processes are effectively supported by technology, aligned with organizational policies, and scalable to meet evolving regulatory and business requirements. The position partners with security leadership, IT, product development, legal, compliance, and business stakeholders to enable a consistent, automated, and efficient control environment across the enterprise.

Requirements

  • Deep understanding of IT risk, security, compliance, and audit frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, COBIT, SOX, HIPAA, PCI DSS).
  • Strong technical knowledge of GRC platforms (e.g., ServiceNow IRM, Archer, MetricStream, OneTrust, or similar).
  • Proven track record in IT change management, system design, and technical product delivery.
  • Experience designing automated workflows, integrations, and reporting dashboards.
  • Excellent stakeholder management, communication, and executive reporting skills.
  • Strong analytical and problem-solving abilities; able to balance risk, efficiency, and business needs.
  • Familiarity with regulatory requirements in multiple jurisdictions (e.g., EU, US, APAC).
  • Knowledge of IT processes such as change management, incident management, and CI/CD integration preferred.
  • Ability to translate complex regulatory and risk requirements into system design.
  • 12-15+ years of demonstrated progressive experience in IT, Cybersecurity, IT Governance and Risk, and Platform / Tool / Product architecture and management
  • 10 years of hands-on experience delivering and leading wide-scale GRC platform initiatives and products
  • 8+ years of hands-on experience managing GRC platforms and solutions spanning multiple data sources, systems, and systems of record, culminating in a centralized GRC ecosystem
  • 5+ years of experience in management, enterprise-wide transition, and/or transformation programs
  • Strong experience with various GRC and IT Security systems and platforms such as ServiceNow, and leading IT controls, compliance, scanning, vulnerability, and IT security tools and products
  • Entrepreneurial mindset and a proactive approach to managing work.
  • Able to deliver with limited oversight and take accountability of actions.
  • Excellent presentation skills, both creating slides and delivering presentations to a variety of audiences.

Nice To Haves

  • Robust system architecture experience and ability to connect functional and operational requirements stemming from risk management and governance into practical cross-system integrations and platforms.
  • Experience building GRC solutions from scratch, transforming them from one solution to another, and/or expanding existing capabilities

Responsibilities

  • Platform Strategy & Roadmap: Define and execute the enterprise GRC technology and platform strategy, ensuring alignment with security frameworks (e.g., NIST CSF, NIST 800-53, DORA, etc.).
  • Platform Ownership: Serve as the primary owner of the GRC platform(s), overseeing configuration, integration, and upgrades, and managing platform changes, roadmap, and optimization to meet enterprise needs.
  • Process Enablement: Translate governance, risk, and compliance processes into platform workflows, dashboards, and reporting that support issue management, risk assessments, policy governance, evidence collection, risk register generation and alignment with organizational units.
  • Stakeholder Engagement: Collaborate with information security, IT, compliance, operations, and legal partners in the development, integration, and operation of the platform and intertwined product strategies and roadmaps.
  • Automation & Efficiency: Drive automation of risk and compliance processes to reduce manual effort, improve audit readiness, and increase sustainability of controls.
  • Data & Reporting: Develop dashboards, analytics, and reporting to provide actionable insights to executives, regulators, auditors, and business leadership.
  • Platform Governance: Establish platform governance standards, change control processes, and ongoing lifecycle management; own and drive cross-functional sessions and demand management mechanisms.
  • Vendor Management: Manage relationships with platform vendors and system integrators, including licensing, renewals, escalations, and roadmap discussions.
  • Leadership: Lead and mentor a small team of GRC platform administrators, analysts, or consultants as needed.

Benefits

  • A comprehensive benefits package that begins your first day of employment.
  • Medical, Dental, & Vision Plans
  • 401(k)
  • FSA/HSA
  • Commuter Benefits
  • Tuition Assistance Plan
  • Vacation and Sick Time
  • Paid Parental Leave

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Web Search Portals, Libraries, Archives, and Other Information Services
  • Number of Employees: 5,001-10,000 employees

© 2024 Teal Labs, Inc