Director, Governance, Risk and Compliance
Job Summary
Leads enterprise-wide IT risk management, compliance, and governance initiatives. Ensures strategic regulatory alignment, supports audit readiness, and drives resilience across cloud and research environments. Manages assigned staff and collaborates with key stakeholders to build and execute security and compliance strategies.
Responsibilities
KEY RESPONSIBILITIES:
- Leads the implementation and optimization of GRC platforms (e.g., Apptega)
- Develops and applies risk quantification methodologies
- Ensures compliance with cybersecurity frameworks including CIS18 v8.1, NIST CSF, 800-171, etc.
- Manages third-party risk assessments using BitSight, SecurityScorecard, or similar systems
- Collaborates with key stakeholders on the governance of restricted research environments (CUI, HIPAA) and drives cloud security compliance, with a focus on Microsoft Azure
- Coordinates internal and external audit evidence collection, workflow automation, and reporting
- Communicates IT risks effectively across technical and non-technical audiences, developing remediation recommendations and plans
- Supports business continuity and disaster recovery planning
- Partners with internal stakeholders to develop and execute security plans
Required Qualifications
Educational Requirements
Bachelor's degree from an accredited institution of higher education in Computer Science or related field.
Required Experience
Eight (8) years of experience in governance, risk and compliance (GRC), cybersecurity, or information assurance including at least five (5) years of leadership and team management experience.
Preferred Qualifications
Additional Preferred Qualifications
Professional certifications: CRISC, CGRC, CISSP, CISA, or equivalent
Proven ability to lead and grow a team
Must be adaptable, strategic, and collaborative
Preferred Educational Qualifications
An advanced degree from an accredited institution of higher education in Cybersecurity, Information Security, Computer Science, or related field
Preferred Experience
Strong background in higher education information security, or experience in regulated industries such as healthcare, energy, or federal government, is a plus
Knowledge, Skills, & Abilities
ABILITIES
- Able to handle multiple tasks or projects at one time while meeting assigned deadlines
- Communication and stakeholder engagement
- Think like an auditor to anticipate compliance needs
- Build trust and alignment with functional users
- Lead, grow, and develop a high-performing GRC team
- Navigate complex regulatory environments with agility
KNOWLEDGE
- CIS18 v8.1 and NIST frameworks
- HIPAA and CUI compliance in research settings
- Cloud security governance (Azure)
- Risk quantification and third-party risk tools (BitSight, SecurityScorecard)
- Strategic planning and execution
- Audit response and evidence management
- Business continuity and disaster recovery coordination
SKILLS
- Excellent interpersonal, initiative, teamwork, problem solving, independent judgment, organization, communication (verbal and written), time management, project management, and presentation skills
- Proficient with computer applications and programs associated with the position (i.e., Microsoft Office suite)
- Strong attention to detail and follow-up skills
- Strong customer service skills and phone and e-mail etiquette
Other Information
This is a supervisory position.
This position has financial responsibilities.
This position will be required to drive.
This role is considered a position of trust.
This position does not require a purchasing card (P-Card).
This position may travel 1% - 24% of the time.