GRC Director

New York, United States


  • Promote external compliance audit planning and maintain evidence gathering
  • Produce and maintain quality process and standard operating procedure documentation
  • Help to implement and automate security frameworks and controls throughout our environment
  • Control the processing of client security forms to assist with client onboarding
  • Assist our client’s third-party risk management program by conducting security and risk evaluations of potential and current vendors
  • Promote a security awareness culture by keeping our training materials up to date and running occasional sessions on selected topics
  • Drive continuous improvement of our cyber security program by challenging its status quo, identifying areas of cyber risk and improvements, and following industry best practices
  • Maintain a set of performance metrics to measure control effectiveness and inform strategic decisions
  • Contribute to regular risk assessments and manage our risk treatment plan
  • Support our internal auditing program
  • Coordinate information security calendar events such as regular penetration tests, auditing activities, and reviews


  • 4+ years of relevant experience in supporting Governance, Risk & Compliance programs
  • Passion for cyber security as a business enabler in a fast-paced environment
  • Working knowledge of security frameworks such as the ISO 27000 family, SOC 2, PCI DSS, CIS, and NIST
  • Internal auditing capabilities against ISO 27001 and SOC 2 are desirable
  • Demonstrated ability to break down complex compliance requirements, and design and implement scalable processes that won’t slow down the business
  • Experience in compliance metrics reporting with attention to detail and focus on outcomes
  • Natural affinity for creating and maintaining documentation
  • Strong verbal and written communication skills and stakeholder management experience with an ability to translate security and technical information into clear business language
