Director of Security Governance, Risk, and Compliance - Remote

Overview

The candidate should have a strong information security background, understand GRC principles, and translate regulatory requirements into policies, controls, and procedures. They will enhance the organization's security posture, ensure regulatory compliance, and promote security risk awareness. Reporting to the Sr. Director SEARCH, this role is vital in reducing enterprise risk.

In Short

• Develop and implement an Information Security GRC strategy that aligns with business objectives and risk tolerance, including a 5-year road-map based on company policies, security frameworks, and regulatory requirements.
• Lead the creation and upkeep of security policies, standards, and procedures to comply with regulations and industry standards (e.g., SOX, GDPR, HIPAA, PCI 4.0, ISO 27001, NYDFS, NACHA).
• Implement continuous monitoring processes for security controls and metrics to improve the security program.
• Oversee regular risk assessments and security audits to identify vulnerabilities and enhance the organization's security posture.
• Enhance user awareness and behavior management by implementing robust training programs and policies.
• Lead and guide a team of Security GRC professionals, fostering a culture of continuous improvement and innovation.
• Oversee the implementation and management of Security GRC tools and platforms to streamline processes and enhance visibility into the organization's risk and compliance status.
• Prepare and present quarterly reports to the executive team and board of directors on the organization's GRC posture and initiatives.
• Stay informed about emerging regulations, industry standards, and best practices in security GRC.
• Manage third-party risk by overseeing vendor assessments and ensuring compliance with security requirements.

Requirements

• Bachelor's in Information Security, Computer Science, Business Administration, or related field; Master's preferred or 5-10 years of focused information security experience with at least 5 years in GRC leadership.
• In-depth knowledge of security frameworks (NIST, ISO 27001, NYDFS, PCI, SOC2 Type 2).
• Strong understanding of risk management and compliance processes.
• Excellent communication and presentation skills for technical and non-technical audiences.
• Proven success in implementing and managing GRC programs.
• Relevant certifications (CISM, CRISC, CGEIT, CISSP) highly desirable.

Benefits

• 18 days PTO
• 11 Holidays (8 company recognized & 3 floating holidays)
• 16 hours per year of paid Volunteer Time Off (VTO)
• Competitive Healthcare
• 401k Match up to 4%
• Parental Leave: 8 weeks 100% paid by AvidXchange
• Tuition Reimbursement up to the federal maximum of $5,250
• Hybrid Workplace Flexibility
• Onsite gym fitness center, yoga studio, and basketball court