Director of Governance Risk & Compliance
Alexandria, VA, US, 22314
ST Engineering
At ST Engineering, we harness technology and innovation to enable a more secure and sustainable world. Discover our innovations for smart cities, defence and security.
Who YOU are and what YOU can become:
You have a deep understanding of IT governance, risk and compliance and tenured experience managing large programs focused on staying ahead of IT risks and threats. You enjoy a multifaceted leadership role that goes beyond GRC into program management, budget management, and steering the overall road map for change management, budgeting, and communications for the IT organization.
This position is hybrid remote from Pensacola, FL
This position is ineligible for visa sponsorship.
Who WE are and where WE are going:
At ST Engineering, we apply our technology and innovation to solve real-world problems and improve lives. Our dedication to excellence and our strong track record have earned us a distinctive reputation for quality and trust as a global technology, defense and engineering group. Our diverse portfolio of businesses spans the aerospace, smart city, defense and public security segments. We are continuing to grow as our expertise and facilities around the world keep aircraft flying safely and transform and future-proof cities to make them more mobile, more secure and more livable.
What YOU will do:
IT Planning, Governance, Risk & Compliance (ITGRC) is responsible for establishing and maintaining the IT program portfolio and the IT governance, risk and compliance function across ST Engineering North America, Inc. (STENA). The Director of ITGRC will oversee areas across STENA: Program Management, IT Risk Framework, IT Audits, IT Compliance Management, and internal IT controls audits. This role reports to the STENA Head of IT and is a fundamental member of the Senior IT Team. The Director of ITGRC will remain up to date on GRC processes and solutions, be customer focused, and provide an ever-improving program to manage risk. Other responsibilities include, but are not limited to:
- Provide management oversight and serve as the leadership point of contact for IT Governance, Budget Management, IT Communications, Vendor Management, IT and Cyber Policy Compliance, Change Management, Risk Management, Internal Audits, Program Management and M&A.
- Lead the development and maintenance of policies, procedures, measures, and mechanisms to deliver above scope.
- Provide Portfolio and Program Management leadership to the IT Portfolio and own STENA IT Steering Committee.
- Provide leadership and engage with lines of business to perform security assessments and oversee remediation, corrective action plans, and ongoing monitoring to address findings resulting from audits, assessments, compliance reviews, and self-identified issues.
- Work with management to prioritize risks based on appropriate risk management methodology and develop enterprise education and communication plan.
- Improve alignment between business, IT, and security organizations by developing coordinated GRC program components and performance measurements that directly support overall business objectives.
- Maintain deep knowledge of legal requirements and market standards of information risk management. Conduct assessments, working closely with the Compliance team(s), IT, HR, and internal teams to address risks.
- Devise and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.
What YOU need to be successful:
- A Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field or a combination of education/experience may be considered. An advanced degree is a plus.
- At least 7 years of experience in a combination of risk management, information security and technology jobs, including a minimum of five years in a leadership role.
- At least 5 years of experience managing large programs; PMP certification preferred.
- Professional certification as a Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) is required; active pursuit of certification(s) may be considered.
- Experience with auditing and risk management, as well as contract and vendor negotiation.
- Must have a solid understanding of information technology and information security.
- Strong IT Governance, Risk and Compliance experience a must.
- Familiarity with current Cybersecurity management frameworks.
- Deep understanding of information security regulations and standards, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), System and Organization Controls 2 (SOC 2), Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST) publications, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), ISO 27001 and ISO 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA) guidance, and various other laws and regulations including Executive Orders.
What WE offer:
- 401K with rich company match and immediate vesting
- Medical/Dental/Vision Insurance
- Disability
- PTO
- Tuition Assistance
- Life and Accidental Death Insurance
- Development and Career Growth Opportunities
- Hybrid work schedule
- Global growth opportunities
It takes diverse talent to solve real-world problems. ST Engineering is deeply committed to building a workplace community where inclusion is valued, and everyone feels welcomed. We’re proud to consider all qualified applicants for employment without regard to race, color, religion, sex, pregnancy, family status, marital status, sexual orientation, national origin, disability, age, or veteran status, or any other legally protected grounds. So, bring us your personal experience, your perspectives, and your background. It’s through our differences that innovative changes are made.
ST Engineering is committed to providing reasonable accommodations to qualified individuals with disabilities in the employment application process. To request an accommodation, please contact our Talent Strategies team at 1-571-771-0168, or by email at stena.careers@stengg.us.