Director of Cybersecurity Governance, Risk & Compliance

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

Responsibilities:

• Lead the Security GRC team responsible for Third Party Risk Management, control governance and testing, Business Continuity Management, and access governance.
• Set the vision, roadmap, and priorities for the Security Program in partnership with the CISO, other Security & IT functions, and Enterprise Risk Management.
• Mentor and develop team members.
• Define clear goals, performance expectations, and development plans.
• Act as a key advisor to security and business leadership on cyber and technology risk posture, tradeoffs, and remediation priorities.
• Own the Security Program and ensure that regulatory, contractual, and internal security requirements are satisfied across the enterprise and BaaS/fintech ecosystem.
• Define and maintain the enterprise control baseline mapped to the NIST CSF, CRI Profile, and FFIEC IT Examination Handbooks, aligning with GLBA, SOX, and PCI DSS where applicable.
• Author and approve control narratives, RACI, evidence requirements, testing procedures, and control objectives.
• Author and maintain cybersecurity governance documents, such as policies and standards.
• Work with technical control owners to implement processes and automations aligned to written controls, policies, and standards.
• Champion "policy as code" and guardrails (e.g., identity, configuration, network segmentation, logging/monitoring) in partnership with Security Engineering and IT.
• Oversee targeted cyber/IT risk assessments for technology changes, third parties, products, and fintech programs, and ensure clear articulation of inherent and residual risk.
• Maintain a centralized log of issues, control gaps, and remediation plans; ensure sustainable fixes and prevent recurrences by updating baselines, standards, and automation.
• Partner with Enterprise Risk Management on risk acceptance, watch lists, and aggregation of security risks into enterprise risk reporting.
• Own the design and execution of access certification campaigns across key systems and applications (e.g., core banking, identity platforms, cloud, fintech partner integrations).

Requirements:

• Demonstrated ability to operationalize the FFIEC IT Examination Handbooks, NIST CSF, and the CRI Profile into practical, auditable controls and testing procedures.
• Proven experience owning or leading Third Party Risk Management, control frameworks, and/or Business Continuity Management programs in a regulated environment.
• Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards.
• Familiarity with Azure/Microsoft 365/Entra, Okta, Windows/Linux, networks, CI/CD, vulnerability management, EDR, logging/SIEM, and data protection.
• Experience with GRC platforms and workflow/ticketing systems.
• Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS, and the ability to map and rationalize overlapping requirements.
• Excellent written/oral communication with proven ability to influence cross-functional teams and present to management, auditors, regulators, and fintech partners.
• Bias for automation and measurable outcomes.
• Comfortable in fast-moving, high-accountability settings.

Benefits:

• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term/Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.
