Senior Director of Governance, Risk, and Compliance

Business Wire

💵 $245k-$260k
📍 Remote - United States

Summary

Join Business Wire, a Berkshire Hathaway company, as the Senior Director of Governance, Risk, and Compliance (GRC). You will lead the GRC organization, enhancing security strategy and aligning it with business objectives. Responsibilities include implementing a security governance framework, managing a comprehensive GRC program, conducting risk assessments, and ensuring vendor compliance. You will also manage a team, report to senior leadership, and use metrics to track effectiveness. This role requires a Bachelor's or Master's degree, 10+ years of relevant experience (5+ years supervisory), and expertise in GRC frameworks and risk management. Business Wire offers a competitive salary, remote work, excellent health benefits, a fitness allotment, tuition reimbursement, a 401(k) plan, PTO, and more.

Requirements

  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field
  • 10+ years of relevant industry experience in information security, with 5+ years supervisory experience
  • Expertise in building and implementing GRC frameworks and risk management processes
  • Familiarity with regulatory compliance requirements, including PCI DSS, SOC 2, and ISO 27001
  • Strong leadership and team-building skills
  • Excellent written and verbal communication skills with external and internal stakeholders and executives; ability to deliver constructive and encouraging feedback
  • Proactive, organized, analytical, detail-oriented, and persistent

Responsibilities

  • Lead a GRC organization to enhance overall security strategy and align with business objectives
  • Improve and implement a security governance framework, including controls, standards, policies, and guidelines, ensuring consistent application across all technology projects, products, systems, and services
  • Manage a comprehensive Governance, Risk, and Compliance program in support of corporate audits, client assessments, and regulatory standards such as PCI DSS, SOC 2, and ISO 27001
  • Conduct regular risk assessments and periodic penetration testing and vulnerability assessments to identify and mitigate potential threats to the organization's infrastructure, applications, and data
  • Ensure vendors and third-party providers adhere to the same high security standards as Business Wire
  • Manage the timely creation and dissemination of security-related communications including security awareness & training announcements, security compliance policies and processes, security alerts, and event messaging
  • Ensure clear reporting on GRC activities to senior leadership
  • Use metrics to evaluate and track the effectiveness of governance and compliance measures
  • Proven ability to build, lead, and mentor high-performing teams, fostering a culture of excellence
  • Strong collaboration and stakeholder management skills to align GRC objectives across various departments
  • Strategic decision-making and problem-solving capabilities to navigate complex regulatory landscapes
  • Exceptional communication skills to translate technical requirements into actionable business solutions

Preferred Qualifications

Certified Information Systems Security Professional (CISSP) or equivalent certification

Benefits

  • Ability to work remotely
  • Excellent health benefits that begin on your first day of employment
  • $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
  • 401(k) plan with generous company match and annual profit-sharing contribution (subject to company performance)
  • PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!
