Senior Director, Cybersecurity Governance, Risk, and Compliance

CFA Institute, Charlottesville, VA

$190,000 - $230,000

About The Position

CFA Institute is seeking a strategic, hands-on cybersecurity leader to build and mature our global GRC program—aligning risk reduction with business priorities, guiding enterprise policy and standards, and ensuring compliance across a complex regulatory landscape. If you love rolling up your sleeves to solve real-world governance, risk, and compliance challenges while advising executives and the board, this role is for you. Please note: CFA Institute does not provide work authorization or visa sponsorship (including student or temporary worker visas) for this position.

Requirements

  • Bachelor’s degree in cybersecurity, computer science, information systems, or related field.
  • 10+ years in cybersecurity with significant GRC leadership experience.
  • Deep knowledge of global frameworks and regulations (e.g., ISO 27001, NIST CSF, GDPR, CCPA).
  • Proven track record conducting risk assessments, leading audits, and sustaining compliance certifications (e.g., SOC 2, HIPAA, PCI DSS).
  • Strong leadership and program/project management skills with the ability to manage multiple priorities in a dynamic, global environment.
  • Excellent communication and stakeholder management skills, including presenting to senior leadership and boards.

Nice To Haves

  • Advanced degree in a relevant field.
  • Security certifications such as CISSP, CISM, and/or CRISC.
  • Experience establishing KRIs/metrics and executive dashboards for ongoing risk monitoring.
  • Demonstrated success leading third-party risk programs and cross-functional, global initiatives.
  • Experience designing and delivering enterprise security awareness and training.

Responsibilities

  • Own the cyber GRC framework: Establish and continuously improve the organization’s IT and cybersecurity governance model to drive measurable risk reduction aligned with business objectives.
  • Set policy & standards: Develop, implement, and enforce global IT and cybersecurity policies, standards, and procedures that meet international and regional regulations.
  • Advise leadership: Lead the cybersecurity committee/working group; provide regular, executive-ready updates to senior leadership and the board on risk posture and program performance.
  • Run enterprise risk management for cyber/IT: Build and execute comprehensive risk assessment processes, identify vulnerabilities, prioritize mitigations, and track remediation to closure.
  • Manage third-party risk: Partner with IT, operations, and business units to assess and monitor vendor and partner risks across the lifecycle.
  • Measure what matters: Define KRIs and metrics to monitor risk levels and drive decisions, reporting trends and insights to stakeholders.
  • Lead compliance programs: Ensure and maintain compliance with global regulations (e.g., GDPR, CCPA) and frameworks (e.g., NIST, ISO 27001); lead internal/external audits and close findings.
  • Sustain certifications: Maintain and improve certifications and attestations (e.g., SOC 2, HIPAA, PCI DSS), coordinating with legal and privacy teams.
  • Build capability & culture: Lead and mentor a high-performing team; develop training and awareness to strengthen a security-first mindset across the organization.

Benefits

  • Eligibility for annual incentives
  • 12% retirement employer contribution
  • Competitive medical benefits
  • Comprehensive health coverage for you and your family
  • Generous leave and time off
  • Competitive retirement plans
  • Flexible work options
  • Wellness, education, and support programs