About The Position

The Head of GRC (Governance, Risk & Compliance) for North America is responsible for the strategic execution of regulatory compliance and risk management frameworks. Reporting directly to the NA CIO, this leader owns the regional risk posture and ensures that North American operations are fully aligned with global standards while meeting stringent local mandates. This role is the primary custodian of IT General Controls, SOX, and PCI-DSS governance, ensuring the business remains audit-ready and resilient against emerging threats.

Requirements

  • Bachelor’s Degree (Required): Typically in Computer Science, Information Technology, Cybersecurity, or a related STEM field.
  • Experience: 12+ years of progressive experience in Cyber Security, Information Security, or IT Risk Management.
  • Compliance Expertise: Proven track record of managing PCI-DSS (Level 1 or 2 environments) and SOX ITGC frameworks in a complex corporate setting.
  • Leadership: Minimum of 5 years in a senior leadership role managing multi-disciplinary security teams.
  • Technical Depth: Deep understanding of network security, cloud security (AWS/Azure/GCP), and encryption standards.

Nice To Haves

  • Certifications: (Preferred) CISSP, CISM, CISA, or PCIP.
  • Soft Skills: Exceptional ability to communicate technical risks to non-technical stakeholders (Legal, Finance, Executive Board).

Responsibilities

  • Master Risk Accountability: Own and manage the central North American repository for all IT Audit, Risk, and Compliance actions. Drive the end-to-end accountability loop to ensure findings are not just identified, but remediated on schedule.
  • Best-in-Class ITGC Program: Lead the development, execution, and continuous maturation of a "best-in-class" IT General Controls (ITGC) program, ensuring proactive mitigation of financial, operational, and cyber risks.
  • Global Standard Influence: Actively shape best practices and standards by ensuring North America’s unique regulatory and operational perspectives are integral to the Group strategic direction.
  • Audit Interface Leadership: Serve as the primary, authoritative interface for all third-party auditors and assessors (external SOX auditors, PCI DSS Qualified Security Assessors), Group Internal Audit, and regulatory bodies. Ensure a globally consistent audit approach and maintain absolute transparency in reporting.
  • Enterprise Risk Integration: Direct the identification, assessment, and prioritization of IT and Cyber risks, ensuring they are quantified and seamlessly integrated into the broader North American Enterprise Risk Management (ERM) framework.
  • PCI-DSS & SOX Custodian: Own end-to-end regional compliance for PCI-DSS (Payment Card Industry Data Security Standard) and SOX (Sarbanes-Oxley Act) IT General Controls. Ensure all in-scope financial and payment systems meet audit requirements without exception.
  • Policy Enforcement: Localize and execute the global cyber security roadmap. Establish regional policies that bridge the gap between global requirements and local North American legal/mandated requirements.
  • Security Service Transition: Own the security "gatekeeping" process for new technology. Ensure that any new business tool or system undergoes rigorous security testing and risk assessment before entering the production environment.
  • Incident Leadership: Serve as the lead coordinator for security incident response (IR). Own the communication bridge between technical containment teams and executive leadership (Legal, Finance, HR).
  • Executive Resilience Testing: Plan and execute regular tabletop activities and simulations for Executive Leadership Team (ELT) members to test and mature incident response capabilities.
  • Cross-Functional Posture Improvement: Coordinate proactively with technology and business teams to improve the overall security posture and drive measurable risk reduction across the North American region.
  • Field Education & Awareness: Drive a targeted field education strategy to build awareness and understanding of current risks and vulnerabilities among all relevant operational teams.
  • Threat & Vulnerability Oversight: Manage the regional vulnerability management program. Use the "Master Risk Register" to force-rank and drive the patching of critical infrastructure.
  • Security Culture & Awareness: Design and lead regional security training programs to foster a "security-first" culture, moving beyond compliance check-boxes to behavioral change.
  • Third-Party Risk Management: Oversee the security evaluation of all regional third-party vendors and partners to mitigate supply chain risks.

Benefits

  • Benefits start on day 1 for full-time colleagues - no waiting period!

Professional and Personal Growth

  • Multiple avenues to grow your career
  • Training and development programs available
  • Tuition reimbursement benefits (for full-time colleagues)

Health and Wellness

  • Full-time colleagues are eligible to enroll immediately upon hire, with benefits starting on day 1
  • Health benefits including medical, dental, vision, disability, and life insurance, plus much more

Savings and Retirement

  • 401(k) retirement plan with company-matching contributions

Work-Life Balance

  • Vacation days and sick days
  • Company-paid holidays and floating holidays
  • A company mindset that prioritizes health, safety, and flexibility
© 2024 Teal Labs, Inc