Sr. Director, Governance, Risk, and Compliance (GRC)

Nordstrom | Seattle, WA
$221,000 - $365,000

About The Position

At Nordstrom, trust is foundational—to our customers, our employees, and our partners. The Senior Director of Governance, Risk, and Compliance (GRC) plays a critical role in protecting and enabling that trust by ensuring the company can innovate, grow, and serve customers securely and responsibly. This role is central to safeguarding the Nordstrom brand while supporting exceptional, frictionless customer experiences across an omni‑channel business.

The Senior Director of GRC is a highly visible leader responsible for building and maturing a modern, enterprise‑wide GRC function. This leader ensures governance, risk, and compliance are not barriers to progress, but strategic enablers of secure growth, digital transformation, and operational excellence. Partnering closely with the CISO and senior leaders across Technology, Legal, Finance, HR, and the business, this role translates complex cybersecurity, regulatory, and enterprise risks into clear, actionable insights that inform executive decision‑making.

Success requires strong executive presence, deep GRC expertise, and a service‑oriented mindset—balancing rigor with pragmatism in a customer‑facing environment where brand reputation and trust matter every day. The role is based in Seattle reporting directly to the Chief Information Security Officer.

Requirements

  • 10+ years of progressive experience in governance, risk, compliance, information security, or enterprise risk management, including 5+ years in senior leadership roles
  • Proven success building, scaling, or transforming enterprise GRC programs in complex, regulated environments
  • Strong executive presence with the ability to influence senior leaders and translate risk into business‑relevant outcomes
  • Deep expertise across cybersecurity risk, IT risk, enterprise risk, third‑party risk, and regulatory compliance frameworks
  • Demonstrated experience partnering closely with a CISO and security leadership to align risk, compliance, and security strategy
  • A track record of advancing compliance from point‑in‑time audits to continuous readiness and control optimization
  • Experience developing executive‑level dashboards, metrics, and reporting for senior leadership, audit committees, or Boards
  • Strong cross‑functional leadership skills, with the ability to align Legal, Technology, Finance, HR, and business teams around shared risk ownership
  • Familiarity with leading GRC platforms and automation tools (e.g., ServiceNow GRC, Archer, OneTrust)
  • Excellent written and verbal communication skills, with the judgment to operate effectively in high‑impact, ambiguous situations

Responsibilities

  • Partner closely with the Chief Information Security Officer (CISO) to shape and execute a modern, enterprise‑wide GRC strategy aligned to business priorities and risk appetite
  • Lead governance, risk, and compliance programs that enable secure growth while maintaining regulatory rigor across a complex, customer‑facing organization
  • Translate cybersecurity, regulatory, and enterprise risk into clear, actionable insights for executive leadership and senior stakeholders
  • Review and guide enterprise risk assessments across cyber, IT, third‑party, and operational domains, ensuring risks are understood, prioritized, and actively managed
  • Oversee internal and external audit activities, ensuring strong coordination, timely remediation, and continuous readiness rather than point‑in‑time compliance
  • Drive executive‑ and Board‑level risk reporting through dashboards, metrics, and storytelling that inform decision‑making
  • Partner daily with Legal, Technology, Finance, HR, and business leaders to embed risk management into strategy, transformation initiatives, and vendor relationships
  • Lead and develop a high‑performing GRC organization, setting clear priorities, accountability, and operating rhythms
  • Evaluate and optimize GRC tools and platforms, advancing automation and scalable risk and compliance management
  • Stay ahead of emerging regulatory requirements, industry trends, and best practices, advising the CISO on implications and recommended actions

Benefits

  • Medical/Vision
  • Dental
  • Retirement and Paid Time Away
  • Life Insurance and Disability
  • Merchandise Discount and EAP Resources

What This Job Offers

  • Job Type: Full-time
  • Career Level: Executive
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000 employees
