Tier4 Group

GRC Director 4628

Tier4 Group, Sandy Springs, Georgia, United States


Overview

We’re seeking a strategic and hands-on GRC Director to design, implement, and lead a modern Governance, Risk, and Compliance program for our cloud-native SaaS environment. This role requires a forward-thinking leader who can align compliance and security initiatives with business goals while scaling an enterprise-grade GRC function.

What You’ll Do

Build & Lead GRC Strategy: Define and execute a scalable, automated GRC program tailored for a fintech SaaS environment; Align compliance, risk, and security practices with organizational objectives and risk appetite.

Regulatory & Framework Compliance: Drive and maintain compliance with FFIEC, PCI DSS, SOC 2, ISO 27001, CCRA, CCPA, GLBA, and GDPR; Own audit readiness, evidence management, and coordination with external auditors/assessors; Lead enterprise risk management, including risk assessments, mitigation planning, and executive reporting; Establish continuous monitoring and risk scoring across business units and third parties.

Automation & Tooling: Select and implement GRC platforms to streamline evidence collection, control testing, and reporting; Integrate GRC solutions with cloud platforms (AWS, Azure, GCP) and SaaS systems.

Cross-Functional Leadership: Partner with Legal, Engineering, Product, and Security teams to embed compliance into product design and operations; Educate and influence stakeholders on risk, compliance, and security best practices.

Policy & Governance: Develop and maintain security and privacy policies, standards, and procedures; Ensure policies align with regulatory requirements and industry best practices.

What You Bring

8+ years of GRC, cybersecurity, or compliance experience, including 3+ years in leadership.

Deep knowledge of fintech regulatory frameworks (FFIEC, PCI DSS, SOC 2, ISO 27001, CCRA, CCPA, GLBA, GDPR).

Proven success building or scaling GRC programs in SaaS or cloud-native environments.

Strong understanding of cloud platforms (AWS, Azure, GCP) and their security/compliance controls.

Hands-on experience with GRC tools (e.g., Drata, Vanta, Tugboat Logic, ServiceNow GRC, or similar).

Exceptional communication, leadership, and stakeholder management skills.

Relevant certifications strongly preferred (e.g., CISA, CISM, CRISC, CIPM, ISO 27001 Lead Implementer).

Job Details

Seniority level: Director

Employment type: Full-time

Job function: Information Technology

Industries: Financial Services and IT Services and IT Consulting
