QXO

Director, Cybersecurity Governance Risk and Compliance

Posted Today

Job Description

Overview

QXO, Inc. (NYSE: QXO) is the largest publicly traded distributor of roofing, waterproofing, and related products, and the second largest publicly traded distributor of lumber and building materials in North America. QXO is the fastest growing company in the $800 billion building products distribution industry and plans to become the tech-enabled leader by delivering best-in-class customer satisfaction and outsized returns for its shareholders. The company is targeting $50 billion in annual revenues within the next decade through accretive acquisitions and organic growth.


As the Director of Cybersecurity Governance Risk and Compliance (GRC) at QXO, you’ll be a part of the Cybersecurity Leadership Team reporting to the CISO, providing leadership and direction for the company’s GRC requirements. The director is responsible for establishing and maintaining the company’s overall IT and security GRC program, as well as for developing and managing a global, enterprise-wide information GRC program. The role includes implementation and maintenance of policies, comprehensive controls framework, regulatory compliance, global third-party risk management and customer trust centers.

What you will do:

In tandem with risk management and security, direct and conduct ongoing risk analysis organization-wide to uphold the GRC program.
Lead a team dedicated to an ongoing security maturation program, where areas of strength are amplified and areas needing improvement are documented.
Emphasize privacy, security, business resiliency and compliance frameworks.
Direct the GRC team to document, communicate and enforce areas of security improvement that balance risk with business operations, as well as ensure controls are not weakening efficiencies or business innovation.
Establish and maintain a strategy for managing security-related audits, compliance checks and external assessment processes for auditors, including but not limited to, Sarbanes-Oxley (SOX), Service Organization Controls (SOC) 2, California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI DSS), and other applicable industry standards.
Facilitate IT compliance of identified controls – for example, IT general controls (ITGCs), application, cloud and cybersecurity.
Oversee and ensure adequate protection of key information is maintained through data classification, data loss prevention (DLP) and enforcement of records retention requirements.
Play a key role in the vendor risk assessment process and ensure all divisions follow and uphold process rigor.
Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
Effectively communicate knowledge of GRC controls across business units with a focus on, but not limited to, company practices, procedures, third-party integrations, product development and financials.
Focus on principles aligning with enterprise risk management fundamentals within security and technology teams to maintain up-to-date configuration documentation for systems and processes.
Lead a team to provide rigorous oversight of security systems and security configuration administration that reduces risk to enterprise systems and accounts.
Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
Drive and govern disaster recovery and business continuity as they relate to security frameworks, compliance and privacy laws.
Openly support management team and executive leadership, even during tumultuous times.
Perform other duties as assigned.

What you will bring:

At least 10 years’ experience in cybersecurity in one or more roles, including security analyst, compliance and regulations, risk management or audit.
5 or more years’ experience managing distributed team personnel.
Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws such as, but not limited to PCI, SOX, HIPAA, HITRUST, and GDPR.
Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls.
Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence.
Track record of delivering GRC projects under tight deadlines.
Demonstrated experience conducting tabletop exercises for business continuity.
Ability to motivate teammates to achieve excellence and willingly share knowledge.

Additional Qualifications

Organized, efficient self-starter requiring minimal supervision.
Understanding of service design, delivery concepts and control frameworks.
Forward thinking with strong business acumen and flexibility.
Highly focused on building and implementing a strong, cohesive team and security culture.
Effective at stress management in a constantly changing environment.
Outstanding written and verbal, business and cybersecurity communication skills.

Education Requirements

Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent.
Advanced degree not required, but an MBA or master’s degree in information assurance/technology is preferred.

Certification Requirements

CISSP, CISM, CISA, CRISC, GSLC preferable, but not required.

What you will earn:

  • Base pay range: $172,100 - $266,800
  • Annual performance bonus
  • Long term incentive (equity/stock)
  • 401(k) with employer match
  • Medical, dental, and vision insurance
  • PTO, company holidays, and parental leave
  • Paid Time Off/Paid Sick Leave: Applicants can expect to accrue 15 days of paid time off during their first year (4.62 hours for every 80 hours worked) and increased accruals after five years of service.
  • Paid training and certifications
  • Legal assistance and identity protection
  • Pet insurance
  • Employee assistance program (EAP)


To comply with Pay Transparency laws, employers must disclose an annual salary range. Actual offers depend on factors such as location, experience, skills, and market data. This position may also offer variable compensation. 


Please contact [email protected] if you have any questions related to this job posting.


QXO is an Equal Opportunity Employer. We value diversity and do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, or any other protected status. 

Pay Range

USD $172,100.00 - USD $266,800.00 /Yr.


1001-5000 employees
Herndon, Virginia, US