Infor

Senior Director, Cybersecurity Governance, Risk & Compliance (GRC)

Atlanta
Posted 2 days ago
Full-time, hybrid

Job Description


Department: Information Technology

Employment Type: Full Time

Location: Atlanta

Description


The Senior Director GRC at Infor will lead enterprise GRC at a global high-tech software company operating at the leading edge of cloud, AI, and enterprise SaaS. You'll shape the governance, risk, and compliance strategy for a complex, multi-cloud product portfolio serving customers across regulated industries worldwide — navigating an evolving global regulatory landscape that spans data privacy, AI governance, cloud sovereignty, and critical infrastructure protection.
Experience leading enterprise cybersecurity GRC programs at a high-tech, cloud-first software or SaaS company.



A Typical Day in the Life Includes:

  • Direct a high-performing GRC organization spanning risk management, compliance, audit, policy, and third-party risk. Mentor leaders, scale processes, and set the standard for operational excellence.
  • Define and execute the enterprise cybersecurity GRC strategy — aligning governance frameworks, risk appetite, and compliance priorities with business objectives, product roadmaps, and customer commitments.
  • Stay ahead of a rapidly shifting global regulatory landscape — GDPR, CCPA/CPRA, EU AI Act, NIS2, DORA, SEC cyber disclosure rules, state privacy laws, sector-specific mandates (HIPAA, PCI DSS, FedRAMP, CMMC, IRAP, C5), and emerging AI governance requirements. Translate change into actionable controls and customer-facing assurances.
  • Build and operationalize the AI risk and governance program — model risk management, responsible AI principles, training data governance, AI system inventories, and alignment with NIST AI RMF, ISO/IEC 42001, and the EU AI Act. Partner with engineering and product on AI assurance for generative and agentic features.
  • Own compliance posture across multi-cloud environments (Azure, AWS, GCP). Drive continuous control monitoring, automated evidence collection, and compliance-as-code to keep pace with rapid product innovation.
  • Operate the enterprise cyber risk program — risk identification, quantification (FAIR or equivalent), treatment, and reporting. Provide clear, decision-ready risk insights to executives, the board, and audit committees.
  • Lead external audits and certifications (SOC 1/2, ISO 27001/27701/42001, PCI DSS, FedRAMP, HITRUST, regional sovereign clouds). Build an audit-ready posture that scales with the business.
  • Mature the TPRM and software supply chain risk programs — vendor due diligence, ongoing monitoring, SBOM governance, and contractual security obligations.
  • Maintain a coherent policy and standards library aligned to NIST CSF 2.0, ISO 27001, CIS Controls, and SSDF. Drive adoption across engineering, IT, and business units.
  • Partner with sales, legal, and product to support customer trust — RFPs, security questionnaires, trust portals, DPAs, and executive customer engagements in regulated sectors.
  • Partner with security operations and legal on incident response governance, regulatory notification obligations, and breach disclosure readiness.
  • Deliver clear, business-aligned reporting to the CISO, executive leadership, and the board on risk posture, compliance health, and program maturity.

Basic Qualifications:

  • Experience across major frameworks and standards: NIST CSF 2.0, NIST 800-53, ISO 27001/27701/42001, SOC 2, PCI DSS, FedRAMP, HIPAA, GDPR, and emerging AI governance frameworks (EU AI Act, NIST AI RMF).
  • Experience of multi-cloud environments (Azure, AWS, GCP) and modern compliance automation — continuous control monitoring, GRC platforms (e.g., ServiceNow IRM, Archer, OneTrust, Drata, Vanta), and compliance-as-code.
  • Experience of AI/ML risk and governance — securing and governing generative AI, LLM-integrated products, model lifecycle, and AI supply chain.
  • Experience of enterprise risk management methodologies, risk quantification (FAIR), and translating risk into business language.
  • Experience of managing complex external audits and customer assurance programs at scale.
  • Experience briefing boards, regulators, and enterprise customers with clarity and credibility.
  • Experience balancing long-term program vision with pragmatic execution in a fast-moving product environment.
Location: Atlanta GA, Dallas TX
