FreeHire

missioncriticalgroup

Director, IT Governance, Risk & Compliance (GRC)

Show

Key Responsibilities

Governance & Strategy

  • Develop and maintain the enterprise IT GRC strategy, framework, and roadmap.
  • Establish governance structures, policies, standards, and procedures for IT and cybersecurity.
  • Present risk, compliance, and governance updates to executive leadership and governance committees.
  • Align IT risk management initiatives with business objectives and organizational priorities.
  • Drive continuous improvement of governance and control processes.

Risk Management

  • Lead enterprise IT risk assessments and risk treatment programs.
  • Identify, assess, monitor, and report technology and cybersecurity risks.
  • Maintain IT risk registers and oversee remediation efforts.
  • Facilitate third-party/vendor risk management programs.
  • Develop key risk indicators (KRIs) and risk reporting metrics.

Compliance Management

  • Ensure compliance with applicable regulations and frameworks such as:
    • NIST Cybersecurity Framework (CSF)
    • NIST 800-53
    • ISO 27001
    • SOC 1 / SOC 2
    • PCI-DSS
    • HIPAA
    • GDPR
    • SOX IT General Controls (ITGC)
    • CIS Controls
  • Manage compliance assessments, audits, and certification activities.
  • Track regulatory changes and evaluate organizational impact.
  • Coordinate remediation plans for compliance findings.

Audit & Controls

  • Serve as the primary liaison for internal and external auditors.
  • Develop and maintain IT control frameworks and documentation.
  • Oversee testing of IT General Controls (ITGCs) and security controls.
  • Monitor corrective actions resulting from audits and assessments.
  • Ensure evidence collection and audit readiness across IT functions.

Security Governance

  • Collaborate with cybersecurity leadership on security governance initiatives.
  • Support security awareness and policy compliance programs.
  • Measure control effectiveness through metrics and reporting.
  • Participate in incident response reviews and post-incident risk assessments.
  • Promote a culture of security and accountability throughout the organization.

Leadership & Team Management

  • Build, mentor, and lead IT GRC professionals.
  • Establish departmental goals, KPIs, and performance metrics.
  • Manage GRC budgets, vendors, and consulting engagements.
  • Foster collaboration among IT, Security, Legal, Privacy, Internal Audit, and business units.

Required Qualifications

Education

  • Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Risk Management, Business Administration, or related field.
  • Master's degree preferred.

Experience

  • 10+ years of progressive IT, cybersecurity, audit, risk, or compliance experience.
  • 5+ years in a leadership or management role.
  • Experience leading enterprise GRC programs.
  • Demonstrated experience with regulatory compliance and security frameworks.
  • Experience working with executive leadership and audit committees.

Certifications (Preferred)

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CGEIT (Certified in Governance of Enterprise IT)
  • CISA (Certified Information Systems Auditor)
  • ISO 27001 Lead Auditor or Lead Implementer

Technical Competencies

  • Enterprise Risk Management (ERM)
  • IT Governance Frameworks
  • Cybersecurity Risk Assessment Methodologies
  • Audit and Control Testing
  • Third-Party Risk Management
  • Policy Development and Management
  • Security and Compliance Monitoring Tools
  • Governance, Risk & Compliance Platforms (Archer, ServiceNow GRC, OneTrust, AuditBoard, LogicGate, etc.)
  • Metrics, Reporting, and Executive Dashboard Development

Leadership Competencies

  • Strategic Thinking
  • Executive Communication
  • Cross-Functional Collaboration
  • Program Management
  • Change Management
  • Decision-Making Under Risk
  • Team Development and Coaching
  • Stakeholder Relationship Management

A Note to our Recruitment Partners: We really appreciate the interest, but MCG currently manages hiring through our internal team. We love getting to know our candidates directly! Because of this, we don’t accept unsolicited resumes from agencies at this time. If we ever need an extra hand, we’ll be sure to reach out to the community. Thanks for understanding!

MCG is an equal opportunity employer prohibiting discrimination based on race, color, creed, religion, sex, marital status, physical or mental disability, and any other protected classes stated by applicable federal and state laws. DVM is committed to providing equal employment opportunities to qualified individuals with disabilities and to act in accordance with regulations and guidance issued by the Equal Employment Opportunity Commission (EEOC).