IT Security Director, GRC Strategy, Platforms & Architecture Lead,

As the IT Security Director and GRC Strategy, Platforms & Architecture Lead, you will serve as a senior leader responsible for the strategic direction, governance, and operational oversight of the organization’s Governance, Risk, and Compliance (GRC) platforms. This role drives the overall GRC strategy, ensuring that all aspects of cyber governance, controls, compliance, and risk operations are seamlessly integrated through people, processes, and technology. You will ensure that security, risk, compliance, and audit functions are effectively supported by scalable technology solutions aligned with organizational policies and evolving regulatory requirements. Partnering closely with security leadership, IT, product development, legal, compliance, and business stakeholders, you will enable a consistent, automated, and efficient control environment across the enterprise. This position offers a flexible hybrid work schedule from our local office. (2 days in office, 3 days remote) Essential Duties and Responsibilities GRC Strategy: Understand and drive strategy across security governance, controls, compliance and risk operations to build scalable, functional, and timely solutions, that enable scalable processes, high quality outcomes, and enhanced risk management across the Company. Executive Communication and Leadership: Accountable for executive level reporting, communications, and influence to ensure that security Governance and IT risk operations platforms, architecture, and processes are enabled, integrated with, leveraged and decisions / outcomes are in line with Cybersecurity & Technology Controls (CTC) principles. Strong influence and communication skills are mandatory, and the leader must be able to manage a small team of contractors and employees spanning engineering and platform roles. Controls, IT Risk Operations, and Policies/Standards Support: Act as a seasoned expert and advisor to other CTC leaders in Controls, Risk Operations, and Policy Management domains through collaboration, risk finding reviews, and policy/standard review and release management to support cross-team outcomes and book of work. Compliance and Controls: Support control testing and compliance initiatives spanning Policy-Regulation analysis/crosswalks and gap identification, as well as potential evidence and control design reviews to enable unified compliance at scale with common controls programs. Platform Strategy & Roadmap: Define and execute the enterprise GRC technology and platform strategy, ensuring alignment with security frameworks (e.g., NIST CSF, NIST 800-53, DORA, etc.). Platform Ownership: Serve as the primary owner of the GRC platform(s), overseeing configuration, integration, upgrades, managing platform changes and roadmap and optimization to meet enterprise needs. Process Enablement: Translate governance, risk, and compliance processes into platform workflows, dashboards, and reporting that support issue management, risk assessments, policy governance, evidence collection, risk register generation and alignment with organizational units. Stakeholder Engagement: Collaborate with information security, IT, compliance, operations, and legal partners in the development, integration, and operation of the platform and intertwined product strategies and roadmaps. Automation & Efficiency: Drive automation of risk and compliance processes to reduce manual effort, improve audit readiness, and increase sustainability of controls. Data & Reporting: Develop dashboards, analytics, and reporting to provide actionable insights to executives, regulators, auditors, and business leadership. Platform Governance: Establish platform governance standards, change control processes, and ongoing lifecycle management and own/drive cross-functional sessions and demand management mechanisms. Vendor Management: Manage relationships with platform vendors and system integrators, including licensing, renewals, escalations, and roadmap discussions. Additional Knowledge & Skills Deep understanding of IT risk, security, compliance, and audit frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, COBIT, SOX, HIPAA, PCI DSS). Strong background in IT control testing, implementation, regulation mapping and control design / evidence requirements. Strong technical knowledge of GRC platforms (e.g., ServiceNow IRM, Archer, MetricStream, OneTrust, or similar). Proven record of accomplishment of IT change management, system design, and technical product delivery. Experience designing automated workflows, integrations, and reporting dashboards. Excellent stakeholder management, communication, and executive reporting skills. Strong analytical and problem-solving abilities; able to balance risk, efficiency, and business needs. Familiarity with regulatory requirements in multiple jurisdictions (e.g., EU, US, APAC). Knowledge of IT processes such as change management, incident management, and CI/CD integration preferred. Ability to translate complex regulatory and risk requirements into system design. Job Qualifications Education Bachelor’s degree in computer science, information technology, or risk and governance Preferred: Master’s degree in computer science, information technology, or risk and governance Certifications: ServiceNow Integrated Risk Management (IRM) Implementer, CRISC, CISA, CISM, CISSP, CDPSE, or similar Required Experience: 12-15+ years of demonstrated progressive experience in IT, Cybersecurity, IT Governance and Risk, and Platform / Tool / Product architecture and management 12-15+ years’ experience in IT Security Governance, Compliance, Controls and strategy. 10 years hands on experience delivering and leading wide-scale GRC platform initiatives and products 8+ years of hands on experience managing GRC platforms and solutions spanning multiple data sources, systems, and systems of record culminating and a centralized GRC ecosystem 5+ years management, enterprise-wide transition, and/or transformation programs Strong experience with various GRC and IT Security systems and platforms such as ServiceNow, and leading IT controls, compliance, scanning, vulnerability, and IT security tools and products Entrepreneurial mindset and proactive way to manage work. Able to deliver with limited oversight and take accountability of actions. Excellent presentation skills, both creating slides and delivering presentations to a variety of audiences. Preferred Experience: Robust system architecture experience and ability to connect functional and operational requirements stemming from risk management and governance into practical cross-system integrations and platforms.