Remote, United States
Cielo ProjectsCielo is the leading global Talent Acquisition Partner. With better experience, experts & technology, we illuminate talent wherever it’s found.
Elite is the leading global provider of innovative business management solutions that enable law firms and professional services organizations to streamline operations, maximize efficiency, and increase visibility into all aspects of their businesses. Our Company is focused on enabling firms of all sizes and locations to meet their true potential and provide the best service for their clients.
Reporting directly to the Head of Information Security, the Director, Governance, Risk, and Compliance (GRC) plays an instrumental role in guiding the company's GRC strategies and processes. As the primary GRC authority, this leader ensures the alignment of the company's risk management framework with its business objectives and regulatory requirements. A vital addition to the GRC team, the Director significantly contributes to the company's overall strategy and goals by establishing robust compliance mechanisms and effective risk mitigation measures.
The successful candidate will possess a balanced combination of profound technical expertise and an established background in GRC. This role demands comprehensive and extensive knowledge, particularly in the areas of corporate governance, risk management, regulatory compliance, and the creation of enterprise wide GRC policies. The Director of GRC should be equipped to identify and address potential vulnerabilities, while proactively enhancing the company's overall GRC posture.
WHAT YOU’LL DO
Strategy Development: Define, develop, and oversee the implementation of the GRC strategy aligned with the company's business goals and legal requirements.
Policy & Procedure Management: Develop, maintain, and oversee GRC policies and procedures to ensure they are in accordance with applicable laws, regulations, and industry standards, including but not limited to GDPR, CCPA, HIPAA, and SOX.
Risk Management: Identify, assess, and monitor enterprise risks, including strategic, operational, financial, privacy, and cybersecurity risks. Implement risk mitigation strategies and mechanisms to address identified risks and potential non-compliance.
Data Privacy: Ensure compliance with global data privacy and protection regulations, including GDPR in Europe and CCPA in California, through the creation and maintenance of robust data handling and privacy policies.
Regulatory Compliance: Maintain a current understanding of relevant laws and regulations to ensure the organization achieves and sustains compliance. Proactively monitor and respond to regulatory changes and updates.
GRC Reporting: Create comprehensive GRC reports for the executive leadership and board of directors that provide clear insights into the company's risk profile, compliance status, and governance effectiveness.
Training & Awareness: Oversee the creation and implementation of a GRC awareness and training program to ensure that employees are aware of the role they play in maintaining good governance and compliance.
Third-party Management: Manage and monitor the GRC aspects of third-party relationships to ensure that vendors and partners are adhering to the company's GRC policies and relevant regulations.
Audit Management: Coordinate with internal and external auditors to facilitate audits, with the goal of assuring compliance and address potential issues proactively.
Incident Response: Develop and implement an incident response plan to handle GRC-related incidents effectively, including data breaches or non-compliance events.
Continuous Improvement: Regularly review and refine the company's GRC practices, leveraging technology and industry best practices to drive efficiency and effectiveness.
WHAT YOU’LL NEED
Bachelors of Science Degree in Information Security or related field, or equivalent years of experience
CISSP, CISA, Security+, CED, CIH+ or related certification in security operations and engineering
Ten or more years of experience in Information Security, working with GRC tools and methodology
In-depth Knowledge of Relevant Laws and Regulations: This includes an understanding of data protection laws such as GDPR and CCPA, as well as other regulatory frameworks relevant to the specific industry and location of the business.
Risk Management Skills: Ability to identify, analyze, and effectively mitigate or manage enterprise risks. Familiarity with risk management frameworks and methodologies is essential.
Strategic Thinking and Leadership: Strong ability to lead and manage the GRC function, develop and execute strategic plans, and guide the organization towards its GRC objectives.
Communication and Presentation Skills: Excellent written and verbal communication skills, with the ability to present complex GRC issues and strategies clearly to various stakeholders, including the executive team and board of directors.
Analytical Skills: Strong ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
Project Management Skills: Proficiency in planning, executing, and monitoring multiple projects simultaneously to ensure they are completed on time and within budget.
Negotiation and Influencing Skills: Ability to negotiate with, influence, and secure buy-in from various stakeholders, both internal and external, to achieve GRC objectives.
IT Proficiency: Familiarity with the use of GRC technology solutions, as well as a broad understanding of information security principles and best practices.
Continuous Learning: A commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. We are proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
We also provide reasonable accommodation for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
More jobs like this
Mountain View, California, United … Mountain View, California, United States; Austin, Texas, … Full TimeExecutive Executive-levelUSD 162K - 282K USD 162K+
Director, Information Security (Remote)Analytics Application security Artificial Intelligence AWS Cloud Compliance +17
401(k) matching Career development Flex vacation Health care Insurance +2
Remote, Western Region, United … Remote, Western Region, United States Full TimeExecutive Executive-levelUSD 220K - 303K USD 220K+
Palo Alto Networks
Managing Director, Cyber Risk Management (Unit 42)CISM CISSP Compliance Forensics Incident response Pentesting +4
Career development Health care Medical leave Salary bonus Travel
., ., United States ., ., United States Full TimeExecutive Executive-levelUSD 73K - 136K * USD 73K+ *
Senior Director Threat Detection and Security Platform Engineering - 100% US REMOTE ONLYAutomation CISSP Firewalls Forensics GCIA GCIH +22
401(k) matching Career development Competitive pay Equity Flex hours +6
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open SOC Analyst jobs
- Open Senior Cybersecurity Engineer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open IT Security Analyst jobs
- Open Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Security Operations Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Staff Information Security Engineer jobs
- Open o365 Security Architect jobs
- Open Infosec Risk Manager jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Fortinet Firewall Engineer jobs
- Open Cyber Security Architect jobs
- Open Ingénieur DevSecops H/F jobs
- Open Application security-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open SaaS-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open Java-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISM-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open Malware-related jobs
- Open Splunk-related jobs
- Open Kubernetes-related jobs
- Open CISA-related jobs
- Open DevSecOps-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs
- Open GDPR-related jobs