Director of Security GRC

Position Summary:

The Director of Security Governance, Risk, and Compliance (GRC) is focused on ensuring Pax8’s security policy framework, exception management, risk assessment, and compliance efforts are operating effectively. They oversee the delivery of the security policy and standards, including management, tracking, and remediation of deviations from the security policies. Additionally, the Director supports the efforts of measuring the control effectiveness through risk assessment efforts to promote further maturity of the security program. They are a key member of the GRC team, providing guidance and direction to GRC professionals and collaborating with other departments across our organization.

Essential Responsibilities:

• Manage inquiries and requests to update the security policy and standards through cross-functional team coordination.
• Establish, implement, and manage requests for policy exceptions evaluating based on a risk model and promoting policy adherence and remediation.
• Oversee control effectiveness and program maturity assessment efforts to support security program prioritization.
• Participate in security automation and tool selection efforts aligned with the security policies and standards.
• Develop and maintain security procedures including defining and documenting security best practices for managing a risk-based process.
• Stay up to date on industry trends and best practices including continuously learning and adapting the security program to address evolving threats.
• Collaborate with other departments including IT, engineering, legal, data management office, HR, and other departments to ensure security considerations are integrated into all business processes.
• Measure and report on security performance by tracking key metrics (KPIs/KRIs), identifying areas for improvement, and reporting to the GRC leader and other stakeholders.

Ideal Skills, Experience, and Competencies:

• At least (10) years of experience in an IT security GRC role.
• Proven experience in policy management, exception management, remediation tracking, risk assessment, and risk-based prioritization efforts (e.g., asset criticality, data classification, BIA).
• Understanding of public cloud deployments and associated security risks and controls.
• Experience working in a Zero Trust focused security program,
• Strong understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, ISO 27001:2022, SOC2 audit efforts).
• Experience with incident management and response planning efforts.
• Excellent communication, interpersonal, and leadership skills.
• Ability to perform risk assessment efforts and deliver on security program initiatives.

Required Education & Certifications:

• B.A./B.S. in related field or equivalent work experience.
• Risk-focused certifications (e.g., CISA, CRISC, CISSP) preferred.

Compensation:

#LI-Remote #LI-AG1 #BI-Remote #DICE-A