Director, Governance, Risk & Assurance

Title: Director, Governance, Risk, & Assurance (GRA)

Department: Legal (Compliance) 

Reports To: VP of InfoSec & GRA (Governance, Risk & Assurance) 

FLSA Status: Exempt

Location: US Remote

Job Summary

The Director of Governance, Risk, and Assurance (GRA) is a senior leadership role responsible for helping lead and mature our GRA function. This role will be instrumental in developing, implementing, and overseeing our GRA strategy, ensuring compliance with global regulations, industry standards, and customer requirements. This role will work on complex issues, translate business strategy into functional plans, and interact frequently with senior management and executives to drive business results and ensure operational effectiveness across the organization

Key Responsibilities:

• Help define and execute the long-term GRA strategy and roadmap, aligning it with business objectives, growth, and evolving regulatory landscape. Participates with senior management to establish strategic plans and objectives. Makes final decisions on implementation and ensures operational effectiveness.
• Lead, mentor, and grow a high-performing GRA team, fostering a culture of security, compliance, and continuous improvement across the organization. Directs the activities of a functional area or multiple integrated departments through lower management. Leads team(s) to develop new methods and solve complex matters.
• Serve as the primary GRA point of contact for executive leadership, board members, auditors, and key customers. Interacts with senior management, executives, and/or major customers which frequently involves negotiating matters of significance to the organization.
• Oversee all internal and external audits, efforts. Works on complex issues where problems are not clearly defined and where fundamental principles do not fully apply.
• Manage our enterprise-wide risk management framework, including risk identification, assessment, mitigation, and reporting. Accountable for actions that impact function or multiple department budgets.
• Oversee Knowledge Management, including our Standard Information Gathering (SIG) and Policy Management. Effectively cascades functional strategy and contributes to development of organizational policies.

Qualifications and Experience:

• 10+ years of experience in Governance, Risk, Compliance, Trust, Cyber or Information Security, or Informational Technology
• Deep understanding of SOC 2, PCI DSS, HIPAA, GDPR, ISO 27001
• Proven, hands-on experience integrating GRC tooling with underlying security systems to automate controls and reduce manual efforts.
• Collaborative and pragmatic approach to governance, compliance, and risk management, fostering relationships and encouraging shared ownership of enterprise security goals
• Exceptional communication skills, with the ability to translate complex risk and compliance concepts into clear business terms
• Promote, maintain and enhance our cultural values of humility, passion, inclusion, and leadership.
• Strong passion for learning about our products and markets through in-house and external training.

 

This position description should not be considered the final description of the position. The position description is not intended to be an all-inclusive list of duties and standards of the positions. It should be assumed that we would, to some extent, structure responsibilities in accordance with the successful candidate’s capabilities and changing business conditions. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor.

The anticipated salary range for this role is $165,000 - $175,000 plus variable commission / company bonus. Offered salary will be determined by the applicant’s education, experience, knowledge, skills, geo-location and abilities, as well as internal equity and alignment with market data.