FreeHire

Q4 Inc.

Director, IT and Governance, Risk & Compliance

Show

At Q4, we make an impact together, obsess over our customers, operate with integrity, and bring big ideas to life.

Q4 is charting a bold new path for investor relations as the first AI-driven IR Ops Platform, providing everything an IR team needs to succeed on a single, powerful platform. The Q4 Platform enables public companies to attract, manage, and understand investors - all in one place. Over 2,600 customers, including many of the most respected brands in the world, trust Q4 to help drive premium valuations for their companies. Only Q4 offers a tech stack holistically designed to equip IR teams with data, insights, and smart workflows that power remarkable outcomes. Learn more at q4inc.com.

We hire smart, curious, and talented people to push boundaries, reimagine what’s possible, and turn challenges into opportunities. All while keeping the needs of our clients at the heart of everything we do.

Come grow with us!

About the role

The Director, IT and Governance, Risk & Compliance (GRC) leads Q4’s IT operations, security operations, and technology governance programs to ensure a reliable, secure, and compliant internal environment for a high‑growth SaaS business. The role translates strategy into execution by running the programs, teams, and processes that keep Q4’s corporate environment available, secure, and audit‑ready, and acts as a senior security and risk subject‑matter expert for internal and customer‑facing stakeholders.

What you'll do

Strategy & Stakeholder Partnership

  • Translate enterprise technology, security, and GRC strategy into a clear roadmap with priorities, milestones, and success metrics.
  • Act as a senior security and risk SME, advising internal teams and customers on best practices, emerging threats, and pragmatic risk‑based decisions.
  • Run the portfolio of IT, security, and GRC initiatives as a formal program, coordinating cross‑functional delivery, timelines, and status reporting.

IT Operations & Service Delivery

  • Lead IT operations to ensure infrastructure, end‑user computing, and collaboration platforms are reliable, secure, and cost‑effective.
  • Oversee incident, request, and change management; drive improvements in SLAs, MTTR, and employee experience.
  • Own standards for asset management and access lifecycle for employees and independent contractors.

Security Operations & Risk Management

  • Manage day‑to‑day security operations: threat monitoring, alert triage, and coordination of incident response with Security and Engineering.
  • Maintain and test security incident response playbooks; coordinate periodic security testing and ensure remediation of findings.
  • Operate and improve vulnerability management; support DR/BCP planning; help manage security budgets and key security vendors.

Governance, Risk & Compliance (GRC)

  • Lead technology GRC processes (policies, controls, risk registers, exceptions) and coordinate SOC 2 and customer security assessments.
  • Operationalize GDPR, CCPA, PIPEDA and other requirements into controls in partnership with Legal/Privacy, maintaining RoPA, DPIAs, and vendor/sub‑processor assessments.
  • Define and track KPIs/KRIs (e.g., incident SLAs, vuln closure rates, audit findings) and provide clear dashboards and reports to leadership.

Business Systems & Enterprise Enablement

  • Partner with Business Systems, Product, and Data teams to ensure enterprise platforms and integrations meet security and governance expectations.
  • Contribute to architecture standards, access models, and data protection patterns across core systems.
  • Identify automation and tooling opportunities to reduce manual work and improve control coverage and data quality.

People Leadership & Collaboration

  • Lead and develop a high‑performing IT and GRC team with clear goals and feedback.
  • Foster a culture of accountability, continuous improvement, and strong cross‑functional partnership.
  • Champion security, privacy, and technology best practices through training, communication, and engagement.

Qualifications

  • 7+ years in IT operations, information security, technology risk, or GRC, including people management.
  • Strong knowledge of security and control frameworks (e.g., SOC 2, ISO 27001, NIST CSF, CIS) and privacy regulations (e.g., GDPR, CCPA, PIPEDA).
  • Hands‑on experience with IT and security tooling (IdP/IAM, MDM/EDR, logging/monitoring, GRC platforms).
  • Proven ability to manage multiple security/IT/GRC projects or programs with ownership of timelines, budgets, and stakeholder communication.
  • Track record supporting external audits and customer security assessments and communicating complex risk/technical topics in clear business language.

Originally posted on Himalayas