Senior Director of Governance Risk and Compliance

We are seeking an experienced and strategic Senior Director of Governance, Risk, and Compliance (GRC) to lead and mature our enterprise GRC function. This role will be responsible for developing and implementing an integrated framework that aligns security, privacy, regulatory, and risk management initiatives across the organization. The ideal candidate is a collaborative leader with deep domain expertise in information security, regulatory compliance, risk governance, and cross-functional stakeholder engagement.

• Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives and risk appetite.
• Lead the creation and enforcement of policies, standards, and frameworks for information security, privacy, and compliance.
• Serve as a key advisor to executive leadership on governance best practices, regulatory developments, and risk posture.
• Oversee the IT and Cyber risk management process, including identification, assessment, mitigation, and monitoring of risks.
• Develop and operationalize risk reporting metrics and dashboards to support data-driven decision-making at the executive and board levels.
• Integrate risk management into strategic planning, business operations, and third-party engagements.
• Ensure ongoing compliance with regulatory and industry frameworks (e.g., SOX, HIPAA, GDPR, CCPA, PCI-DSS, ISO 27001, NIST CSF).
• Lead internal and external audit activities, including coordination, evidence gathering, and remediation tracking.
• Maintain compliance readiness through continuous control monitoring and process improvements.
• Build, mentor, and lead a high-performing GRC team across disciplines (e.g., compliance, risk, audit, third-party risk).
• Partner with Legal, IT, Finance, HR, and business units to align GRC efforts and ensure integrated risk management.
• Manage GRC-related tools, vendors, and platforms (e.g., Archer, ServiceNow GRC, OneTrust).

• Bachelor’s degree in Information Security, Risk Management, Business, Law, or a related field; Master’s degree or MBA preferred.
• 10+ years of progressive experience in GRC, information security, enterprise risk, or compliance, including 5+ years in a leadership role.
• Strong knowledge of regulatory frameworks, audit processes, risk methodologies, and control design.
• Proven success in building or transforming a GRC program in a complex, global environment.
• Exceptional leadership, strategic thinking, and communication skills.
• Relevant industry certifications (e.g., CISA, CRISC, CISSP, CISM, CGEIT, CPA) preferred.
• Experience working in regulated industries such as financial services, healthcare, or technology.
• Familiarity with GRC platforms and automation tools.
• Experience presenting to executive leadership, audit committees, or boards of directors.