Hampton North
Director, Governance, Risk & Compliance
Hampton North, Chicago, Illinois, United States
Hybrid in one of the following locations: Chicago, New York, Atlanta, Washington DC
Unable to offer sponsorship

The Director, GRC is primarily responsible for advancing the maturity of the organization's Information Security Governance and Risk functions. This role involves managing the development, renewal, and ongoing maintenance of policies, standards, processes, and procedures in alignment with the organization's overarching Information Security Policy. Key responsibilities include aligning work streams, fostering relationships, and ensuring clear communication and coordination across various teams, particularly those focused on Privacy, IT, and Legal/Compliance functions.

Essential:
10-15 years of work experience in the IT sector
At least 8 years of experience in a professional services/highly regulated industry
At least 8 years of supervisory experience
Expert knowledge of project management best practices
Working knowledge of NIST Cybersecurity Framework (CSF) and IT Service Management (ITSM)

Key Responsibilities:
Oversee the coordination of Information Security Governance and Risk initiatives, ensuring prioritization of key tasks and objectives.
Develop and formalize cyber risk controls aligned with ISO standards, NIST frameworks, and organizational cybersecurity policies.
Lead efforts to establish and maintain compliance controls, standards, and policies, incorporating continuous monitoring, reporting, and metrics.
Facilitate communication and collaboration across governance and risk management processes, specifically related to IT controls and information security activities.
Create and maintain a comprehensive library of processes and procedures tailored to risk-specific controls.
Establish goals and implement strategies to enhance Information Security Governance and Risk services through effective project management methodologies.

Demonstrated thought leadership abilities, competencies and success in solving complex IT risk management issues
Experience with the identification, development, and oversight of cybersecurity policy, processes, and procedures
Knowledge of tools and technology to provide data analytics and business intelligence on cyber threats, risks and vulnerabilities