Director, Governance Risk and Compliance

Anthology Inc

NY

JOB DETAILS
SALARY
$154,000–$209,000 Per Year
SKILLS
Best Practices, Blackboard, Budget Management, Business Analysis, Business Continuity Planning (BCP), CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Security, Corporate Policies, Data Quality, Disaster Recovery, Document Control, Documentation, External Audit, Finance, Forecasting, ISO (International Organization for Standardization), Identity Data Management, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Leadership, Legal, Mentoring, PCI-DSS, People Management, Privacy Controls, Privacy Regulations, Product Management, Project Planning, Project Tracking, Project/Program Management, Publications, Regulations, Regulatory Compliance, Requirements Management, Risk, Risk Analysis, Risk Management, Security Analysis, Security Attacks, Security Auditing, Security Compliance, Security Monitoring, Software Configuration Management, Software Development Lifecycle (SDLC), System Architecture, Team Lead/Manager, Team Player, Technical Delivery, Technical Strategy, Training/Teaching, U.S. National Institute of Standards and Technology (NIST), United States Citizen, Vendor/Supplier Management, Vendor/Supplier Planning
LOCATION
NY
POSTED
17 days ago

Description

Director, Governance, Risk & Compliance

Remote - United States

About the Role

The Director, Governance Risk and Compliance (GRC) is responsible for leading efforts to assess the confidentiality, integrity and availability of information via the framework set forth in the company's global Information Security Management System (ISMS). This includes assessments of compliance with company security policies, operating an internal and third-party risk management process, and regular review and measurement of the effectiveness of information security controls. The successful candidate will liaise with and advise various teams including those responsible for systems architecture, systems deployments and application configuration. The position is a subject matter expert able to translate complex regulations in NIST, ISO, SOC, and PCI-DSS frameworks and standards into practical security controls and processes and reporting on the company's risk posture to senior management.

Responsibilities

  • Developing and maintaining the organization's ISMS documentation, including policies, standards, and procedures for risk management, compliance, and information security. Responsible for recommendations to the CISO, Product Management, Legal and Finance leadership teams that provide security program alignment with compliance requirements.
  • Responsible for information risk management, collaborative design of information security controls, assessment of effective implementation of applicable controls, including identity and access management.
  • Staying current on evolving regulatory environments, security threats, and compliance best practices, and updating policies and procedures accordingly.
  • Responsible for maintaining and improving information security awareness in the organization.
  • Translating business and information security needs and integrating these with the ISMS.
  • Coordinating external audit engagements with 3PAO, ISO/SOC auditors, PCI DSS QSA firms and other security assessors, including coordinating responses and remediation efforts.
  • Conducting vendor risk assessments and ensuring third-party compliance with security and privacy standards.
  • Reviewing and monitoring the activities of the Security Incident Response and Business Continuity Management teams to ensure that the information security controls are used effectively during the complete life cycle of business continuity and disaster recovery response.
  • Managing the recurring measurement of the effectiveness of ISMS controls implemented and communicate findings with senior management.
  • Enforcing document control management processes for the Information Security Management System.
  • Assisting with forecasting, planning and risk assessment relevant to evolving security control coverage in alignment with the company's technology strategy.
  • Maintaining and applying current industry knowledge and best practices. Researching and recommending use of new technologies.
  • Project management including analysis of business requirements, creating and updating project plans, and tracking projects to successful completion.
  • Assisting with vendor management, forecasting and program budget management.
  • Managing personnel including mentoring and cross-training of team members to achieve business objectives.

Required Skills and Experience

  • US Citizenship
  • 10+ years of hands-on experience in IT audit and/or compliance
  • Strong documentation and communication skills
  • Strong understanding of security standards and frameworks including ISO27000 series, NIST Special Publication 800 series, SOC audits, and security requirements of Data Privacy laws
  • Previous experience gaining an ATO or P-ATO for a cloud implementation under the FedRAMP, GovRAMP or IL-4 programs
  • Understanding of software development lifecycle methodologies, cloud and server infrastructure, network technologies

Preferred Skills and Experience

  • Current CISA, CISM, CISSP or equivalent certification is strongly preferred
  • Experience managing security staff, collaboration and relationship building with global teams

About Blackboard

Blackboard advances teaching excellence and unlocks the full potential of technology to deliver meaningful outcomes. We empower institutions to deepen connections between educators and learners, inspire engagement, and drive long-term academic success across the full learner journey.  For more information, please visit www.blackboard.com.

The expected salary range for this position is $154,000 - $209,000. The range reflects base salary only and does not include additional compensation such as company bonus or benefits. Placement within the pay range will depend on a variety of factors, such as experience, skills, internal parity, and location.

This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time.

Blackboard is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor.

About the Company

A

Anthology Inc