Director, Governance, Risk, And Compliance

Summary

Join Jamf as the Director of Governance, Risk & Compliance (GRC) and lead the team in establishing and executing the cyber governance, risk management, and compliance strategy. This critical leadership role requires a strategic thinker with strong leadership and communication skills, a deep understanding of relevant laws and regulations, and proven cross-functional collaboration abilities. You will plan, build, and manage an enterprise-wide GRC program, encompassing policy development, audit processes, risk management, and security awareness training. The role involves close collaboration with various departments and providing guidance to senior leadership. Jamf offers a remote, in-office, or hybrid work arrangement, prioritizing work-life balance while maintaining a strong company culture.

Requirements

• Minimum of 10 years of overall experience required in security, compliance or risk management
• Minimum of 5 years of experience with governance, risk management and compliance
• Strong leadership and communication skills are essential criteria for this position, because the GRC program leader's success depends heavily on cooperation and commitment from every level of Jamf's business, and from personnel in many distinct roles
• Bachelor's Degree in Computer Science, Business Administration, or related field

Responsibilities

• Plan, build, run, and manage an enterprise-wide governance, risk and compliance program for Jamf, including awareness and training, sales support, and policy development
• Develop and oversee security audit processes to monitor compliance with policies, procedures and security controls
• Facilitate efficiencies by consolidating audits
• Support external audits and collaborate with internal teams supporting auditors to address security findings and implement corrective actions
• Support the sales process with customer assurance questionnaires
• Collaborate with various departments to ensure that security compliance considerations are integrated into business processes
• Work closely with IT, engineering, security, and other teams to address security compliance requirements specific to their functions
• Design and build common criteria for controls across the organization
• Maintain a current understanding of the threat landscape that could potentially impact Jamf operations and translate that knowledge into potential risks and actionable plans to protect the business
• Develop risk a register to monitor and track risk mitigation activities
• Develop policy framework and update organizational policies and procedures to ensure compliance with relevant laws, regulations, and industry standardsImplement security policies across the organization and provide guidance to engineering teams on policy compliance matters
• Development of third-party risk management process
• Lead the development of security awareness training to increase awareness of compliance issues and ensure understanding of relevant security best practices and procedures
• Develop a security-minded culture

Preferred Qualifications

• Past experience directly building or leading a global GRC program
• Understanding of and experience in applying FedRAMP, StateRAMP, ISO 27001, COBIT, NIST or other compliance standards
• Ability to lead and influence cross-functional teams

Benefits

Remote, in-office, and hybrid roles