
Director of Governance, Risk and Compliance
Posted 5 days ago

• Formulate and implement a comprehensive Governance, Risk, and Compliance (GRC) strategy, roadmap, and framework that aligns with the organization's business goals, risk tolerance, and regulatory requirements.
• Supervise the formal Cyber Risk Management initiative, encompassing risk identification, assessment, mitigation, and monitoring across all organizational functions.
• Create and oversee the risk register, monitoring key risks and the effectiveness of controls, while providing reports on the overall risk environment.
• Spearhead the design, implementation, and ongoing enhancement of the Third-Party Risk Management (TPRM) program, aimed at minimizing supply chain risk and ensuring vendor compliance with standards like SOC 2 and ISO 27001.
• Design, execute, and continually improve the corporate compliance program to ensure adherence to applicable laws and regulations (such as GDPR, CCPA, SOX, and export controls), attestation and certification standards (such as SOC 1, SOC 2, and ISO 27001), and internal policies.
• Manage external audits, regulatory assessments, and internal compliance evaluations.
• Create and deliver company-wide training and awareness initiatives on compliance matters, policies, and the Code of Conduct.
• Establish and uphold a robust framework of corporate governance, policies, and standards.
• Collaborate with legal and business stakeholders to draft, review, and distribute GRC-related policies and procedures.
• Oversee the comprehensive metrics and reporting for the GRC program.
• Develop executive-level reports that are clear, concise, and focused on business needs, ensuring that the status of risk and compliance is effectively communicated to senior management.
• Work in partnership with Legal, Internal Audit, Finance, and IT Security teams to ensure the consistent application of GRC principles.
• Offer expert advice on compliance and risk considerations related to new products, technologies, and market expansions.
• A Bachelor's degree in Business, Finance, Law, Information Security, or a related discipline.
• Over 10 years of progressive experience in Governance, Risk, and Compliance, with a minimum of 5 years in a leadership position managing enterprise-level GRC programs.
• In-depth knowledge of industry compliance frameworks (e.g., SOX, ISO 27001, NIST, SOC 2, HIPAA, PCI DSS, GDPR).
• Relevant industry certifications (e.g., CGRC, CCEP, CRISC, CISA, CISSP).
• Outstanding leadership capabilities, with the ability to manage teams and collaborate across functions to prioritize and address overall organizational risk.
• Excellent communication, interpersonal, and presentation skills, capable of clearly articulating complex GRC issues to both technical and non-technical audiences, including executive leadership.