Director of Digital Technology - GRC

Summary

Join ServiceNow as the Director of Digital Technology GRC and develop, implement, and execute a comprehensive GRC program for the organization's IT environment. You will lead the development and implementation of ServiceNow’s Internal AI Governance program. Collaborate with Legal, Privacy, and Data Security & Governance teams. Act as a technical advisor to stakeholders, communicating complex IT, Security, Data, AI, TPRM, and Resiliency issues. Govern and enforce compliance through ongoing control testing and continuous controls monitoring. This role requires 12+ years of related experience, including 5+ years of leadership in Technology Governance Risk and Compliance.

Requirements

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI’s potential impact on the function or industry
• 12+ years of related experience, with at least 5+ years of hands-on leadership experience in the Technology Governance Risk and Compliance field
• Deep understanding of certification and attestation programs including SOX-404, EU AI Act, NIST AI RMF, NIST-CSF, Global Statutory Audit requirements, ISO standards, and other relevant regulations and standards
• Demonstrated ability to build out scalable compliance systems and processes for complex environments and regulations
• Demonstrated ability to build and lead product development and implementation of ServiceNow’s IRM (Integrated Risk Management) platform and tooling
• Deep understanding of GRC principles, methodologies, and industry best practices
• Self-motivated, self-directed, and able to thrive in a fast-paced environment with a passion to make an impact
• Ability to work across the organization to evangelize and influence company IT compliance and governance efforts
• Demonstrated ability to interface successfully with customers and engineering teams in critical and challenging audits and conversations
• Strong leadership skills, strategy, analytical, problem solving, decision-making; and ability to work under minimum direction
• Prior experience at a SaaS, PaaS or IAAS Cloud company
• Master’s degree or related experience; certifications highly regarded
• Willing to travel up to 20%+ is required

Responsibilities

• Develop & and execute a strategic roadmap for advanced Technology & Security architecture, controls, and solutions across applications, networks, and cloud environments
• Drive key Technology, Security, and Data compliance programs in support of the Digital Technology (corporate IT) organization
• In addition to IT and Security, architect and deploy technical controls across new GRC emerging risk priorities such as, Third Party Risk and Resiliency (BC/DR) programs including cross functional support, coordination and oversight of the programs
• Partner closely with Legal, Privacy, and Data Security & Governance teams to develop corresponding GRC programs within the DT organization, ensuring adherence to requirements through ongoing monitoring and validation of DT controls and supporting processes
• Lead the design, implementation and ongoing execution of ServiceNow’s Internal AI Governance program aimed at driving compliant and risk-based controls across the development, testing, deployment, and monitoring of AI systems across the ServiceNow corporate environment
• Integrate GRC requirements into all elements of the DT risk management framework and supporting control and issue management programs
• Act as a technical advisor to stakeholders, communicating complex IT, Security, Data, AI, TPRM, and Resiliency issues, risk impacts, and recommendations for incident response and risk mitigation
• Govern and enforce ongoing adherence and compliance against requirements through ongoing control testing, continuous controls monitoring and automation using the ServiceNow IRM platform

Preferred Qualifications

• Experience with Government and Regulated Markets mandates including regulator management and interaction is a plus
• Understanding of Federal compliance certifications and requirements such as NIST 800-53 and FedRAMP is a plus