Director of Governance Risk & Compliance

Alexandria, VA, US, 22314


ST Engineering

At ST Engineering, we harness technology and innovation to enable a more secure and sustainable world. Discover our innovations for smart cities, defence and security.


Who YOU are and what YOU can become:

You have a deep understanding of IT Governance, Risk and Compliance and tenured experience managing large programs focused on staying ahead of IT risks and threats. You enjoy a multifaceted leadership role that goes beyond GRC and are also interested in Program Management, Budget Management, and steering the overall roadmap for change management, budgeting, and communications for the IT organization.

This position is hybrid remote from Pensacola, FL

This position is ineligible for VISA Sponsorship

Who WE are and where WE are going:  

At ST Engineering, we apply our technology and innovation to solve real-world problems and improve lives. Our dedication to excellence and our strong track record have earned us a distinctive reputation for quality and trust as a global technology, defense and engineering group. Our diverse portfolio of businesses spans the aerospace, smart city, defense and public security segments. We are continuing to grow as our expertise and facilities around the world keep aircraft flying safely and transform and future-proof cities to make them more mobile, more secure and more livable.

What YOU will do: 

IT Planning, Governance, Risk & Compliance (ITGRC) is responsible for establishing and maintaining the IT Program Portfolio and IT Governance, Risk and Compliance functions across ST Engineering North America, Inc. (STENA). The Director of ITGRC will oversee areas across STENA – Program Management, IT Risk Framework, IT Audits, IT Compliance Management, and internal IT controls audits. This role reports to the STENA Head of IT and is a fundamental member of the Senior IT Team. The Director of ITGRC will remain up to date on GRC processes and solutions, be customer focused, and provide an ever-improving program to manage risk. Other responsibilities include, but are not limited to:

  • Provide management oversight and serve as the leadership point of contact for IT Governance, Budget Management, IT Communications, Vendor Management, IT and Cyber Policy Compliance, Change Management, Risk Management, Internal Audits, Program Management and M&A.
  • Lead the development and maintenance of policies, procedures, measures, and mechanisms to deliver the above scope.
  • Provide Portfolio and Program Management leadership to the IT Portfolio and own the STENA IT Steering Committee.
  • Provide leadership and engage with lines of business to perform security assessments and oversee remediation, corrective action plans, and ongoing monitoring to address findings resulting from audits, assessments, compliance reviews, and self-identified issues.
  • Work with management to prioritize risks based on an appropriate risk management methodology and develop an enterprise education and communication plan.
  • Improve alignment between business, IT, and security organizations by developing coordinated GRC program components and performance measurements that directly support overall business objectives.
  • Maintain deep knowledge of legal requirements and market standards of information risk management. Conduct assessments and work closely with the Compliance team(s), IT, HR, and internal teams to address risks.
  • Devise and implement a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants, and other service providers.


What YOU need to be successful: 

  • A Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or a related field; a combination of education and experience may be considered. An advanced degree is a plus.
  • At least 7 years of experience in a combination of risk management, information security and technology jobs, including a minimum of five years in a leadership role.
  • At least 5 years of experience in managing large programs; PMP certification preferred.
  • Professional certification as a Certified Information Privacy Professional (CIPP) and/or Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) is required; active pursuit of certification(s) may be considered.
  • Experience with auditing and risk management, as well as contract and vendor negotiation.
  • Must have a solid understanding of information technology and information security.
  • Strong IT Governance, Risk and Compliance experience is a must.
  • Familiarity with current cybersecurity management frameworks.
  • Deep understanding of information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Service Organization Control 2 (SOC 2), Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST) publications, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) standards, ISO 27001 and 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA) guidance, and various other laws and regulations, including Executive Orders.


What WE offer: 

  • 401K with rich company match and immediate vesting
  • Medical/Dental/Vision Insurance
  • Disability
  • PTO
  • Tuition Assistance
  • Life and Accidental Death Insurance
  • Development and Career Growth Opportunities
  • Hybrid work schedule
  • Global growth opportunities


It takes diverse talent to solve real-world problems. ST Engineering is deeply committed to building a workplace community where inclusion is valued and everyone feels welcomed. We’re proud to consider all qualified applicants for employment without regard to race, color, religion, sex, pregnancy, family status, marital status, sexual orientation, national origin, disability, age, veteran status, or any other legally protected grounds. So, bring us your personal experience, your perspectives, and your background. It’s through our differences that innovative changes are made.

ST Engineering is committed to providing reasonable accommodations to qualified individuals with disabilities in the employment application process. To request an accommodation, please contact our Talent Strategies team at 1-571-771-0168, or by email at stena.careers@stengg.us.
