Director, Governance Risk and Compliance

This is a fully remote position, open to applicants in United States.

📋 Description

• Developing and sustaining the organization's ISMS documentation, which includes policies, standards, and procedures for risk management, compliance, and information security.

• Providing recommendations to the CISO, Product Management, Legal, and Finance leadership teams to ensure alignment of the security program with compliance requirements.

• Overseeing information risk management, collaboratively designing information security controls, and assessing the effective implementation of relevant controls, including identity and access management.

• Keeping abreast of changing regulatory environments, security threats, and compliance best practices, while updating policies and procedures as necessary.

• Responsible for fostering and enhancing information security awareness throughout the organization.

• Converting business and information security needs and integrating them with the ISMS.

• Coordinating external audit engagements with 3PAO, ISO/SOC auditors, PCI DSS QSA firms, and other security assessors, including managing responses and remediation efforts.

• Performing vendor risk assessments and ensuring third-party compliance with security and privacy standards.

• Reviewing and overseeing the activities of the Security Incident Response and Business Continuity Management teams to guarantee that information security controls are effectively utilized throughout the entire lifecycle of business continuity and disaster recovery responses.

• Managing the ongoing evaluation of the effectiveness of ISMS controls in place and communicating findings to senior management.

• Enforcing document control management processes for the Information Security Management System.

• Assisting with forecasting, planning, and risk assessment pertinent to the evolving coverage of security controls in line with the company’s technology strategy.

• Maintaining and applying up-to-date industry knowledge and best practices.

• Researching and proposing the adoption of new technologies.

• Overseeing project management, which includes analyzing business requirements, creating and updating project plans, and ensuring successful project completion.

• Assisting with vendor management, as well as forecasting and managing program budgets.

• Managing personnel, including mentoring and cross-training team members to meet business objectives.

⛳️ Requirements

• US Citizenship

• 10+ years of practical experience in IT audit and/or compliance

• Excellent documentation and communication abilities

• Solid understanding of security standards and frameworks, including ISO27000 series, NIST Special Publication 800 series, SOC audits, and the security requirements of Data Privacy laws

• Prior experience obtaining an ATO or P-ATO for a cloud implementation under the FedRAMP, GovRAMP, or IL-4 programs

• Knowledge of software development lifecycle methodologies, cloud and server infrastructure, and network technologies

🏝️ Benefits

• Competitive salary and performance-based incentives

• Comprehensive health and wellness benefits

• Opportunities for professional development and continuous learning

• Flexible work arrangements and a supportive work environment