Associate Director, Governance Risk and Compliance

About the Role:

Grade Level (for internal use):

12

The Team:

Join our innovative organization as a GRC Leader with 12+ years of progressive experience governance, risk, and compliance. You will architect and lead a proactive, automation-centric GRC program within a high-velocity AI-native environment. This role is not about compliance checkboxes driven by external audits; instead, you will own the internal risk lifecycle end-to-end—from anticipatory cyber security risk identification to automated remediation—embedding security as a core business accelerator. You will build and lead a lean, high-impact GRC team that operates with engineering rigor, data-driven precision, and cultural influence.

The Impact:

As the GRC Leader, you will lead proactive risk identification, quantification, treatment, and continuous monitoring across cloud environments (AWS/GCP/Azure), applications, AI/ML models, and data platforms. Your expertise will enhance our security posture by implementing real-time risk scoring engines, automating evidence collection, and managing Management Action Plans (MAPs). You will also cultivate a security culture and ensure alignment with internal standards while leading assurance reviews and third-party risk assessments.

What’s in it for you: 

This role offers exceptional learning opportunities and engagement with senior management across the company. You will collaborate with key stakeholders on meaningful projects, fostering daily professional growth. Your primary responsibilities will include leading the GRC team, developing audit coverage for new and emerging technologies, and leveraging cutting-edge digital capabilities, including AI and data analytics, to enhance GRC activities.

---

Primary Duties and Responsibilities:

• Lead the GRC team, providing comprehensive risk-based coverage for cloud infrastructure, applications, AI/ML models, and data platforms.
• Work with engineering team to design and implement real-time risk scoring engines using behavioral analytics and anomaly detection.
• Own Management Action Plans (MAPs) from creation to closure, driving accountability through automated workflows.
• Transition from periodic reporting to continuous assurance with live dashboards and predictive risk signals.
• Work with Engineering team to Architect and operationalise automated evidence collection for 150+ controls using tools like ServiceNow GRC, Drata, or OneTrust.
• Build self-healing remediation playbooks to enhance operational efficiency.
• Recruit, mentor, and lead a GRC team blending policy, automation, and data skills.
• Launch a self-service policy portal to enhance user experience and engagement.
• Lead internal security assurance reviews and manage the third-party risk lifecycle.
• Maintain living mappings of internal standards to SOC 2, ISO 27001, and NIST AI RMF.

Requirements:

• Bachelor’s degree in information technology, Computer Science, or a related field; Master’s degree or relevant certifications (CISA, CRISC, CISSP, or equivalent) preferred.
• Minimum of 12 years of experience in GRC, risk management, or security assurance, with at least 5 years in a leadership role.
• Strong knowledge of cloud security (AWS/GCP/Azure) and AI/ML risk frameworks.
• Proven ability to lead audits and manage multiple projects simultaneously in a fast-paced environment.
• Experience with automation tools for GRC workflows (ServiceNow, Drata, OneTrust, or equivalent).
• Outstanding verbal and written communication skills, capable of presenting findings and recommendations to senior management and stakeholders.
• Strong leadership and team management skills, with experience in mentoring and developing audit team members.
• Strong Data Security Governance experience

What’s In It For You?

Our Purpose:

Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world.

Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress.

Our People:

We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.

From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference.

Our Values:
 

Integrity, Discovery, Partnership

At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.

Benefits:

We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global.

Our benefits include: 

• Health & Wellness: Health care coverage designed for the mind and body.

• Flexible Downtime: Generous time off helps keep you energized for your time on.

• Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.

• Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.

• Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.

• Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.

For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries

Global Hiring and Opportunity at S&P Global:

At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets.

Recruitment Fraud Alert:

If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here.

103 - Middle Management (EEO Job Group) (inactive), 10 - Officials or Managers (EEO-2 Job Categories-United States of America), IFTECH103.2 - Middle Management Tier II (EEO Job Group)