SiriusXM
Overview
Director, Governance, Risk, and Compliance. The Director of GRC will lead the organization’s governance, risk management, and compliance programs, ensuring that the business operates securely, ethically, and in alignment with key regulatory requirements. This role acts as the bridge between executive leadership, legal, security, and operations teams, protecting the company’s ability to conduct business by maintaining critical compliance certifications, mitigating risks, and driving a culture of accountability. What You’ll Do
Establish, maintain, and communicate enterprise security and compliance policies, standards, and procedures. Ensure consistent governance practices across business units and technology functions. Own the enterprise risk management (ERM) framework, including risk identification, assessment, and mitigation strategies. Deliver clear reporting to executives and the board on organizational risk posture. Maintain compliance with regulatory frameworks and certifications (SOX, SOC 2, ISO 27001, and PCI-DSS). Partner with internal teams and external auditors to manage audits, certifications, and regulatory examinations. Ensure vendor and third-party risk management programs are effective and scalable. Partner with the CISO, CIO, and General Counsel to embed compliance and risk considerations into business strategy. Support secure product development and go-to-market efforts through compliance-by-design approaches. Mentor and develop GRC staff, fostering a culture of accountability and continuous improvement. Champion cross-functional collaboration to integrate risk and compliance practices across the enterprise. Own and evolve the business continuity and disaster recovery planning programs. Ensure the organization is prepared to respond to incidents and regulatory inquiries with confidence and clarity. What You’ll Bring
10+ years of experience in governance, risk, compliance, or information security, with at least 5 years in a leadership role. Bachelor’s degree in Information Security, Risk Management, Business, or related field. Deep knowledge of regulatory frameworks and industry standards (SOC 2, ISO 27001, SOX, and PCI-DSS). Proven experience leading enterprise risk management programs and driving successful compliance audits. Strong understanding of information security principles and their application to business operations. Demonstrated ability to partner with senior executives, boards, and cross-functional teams to influence strategy. Exceptional communication skills, with the ability to translate complex risk and compliance concepts into clear business terms. Experience building and scaling GRC teams in complex, multi-technology environments. Compensation & Employment Details
At SiriusXM, compensation varies by background and experience. The base salary for this position is expected to be in the range of $182,000 to $245,000 and may be eligible for discretionary incentives. This role may be eligible for short-term and long-term incentives where applicable. SiriusXM is an equal opportunity employer that does not discriminate on any protected characteristic under applicable laws. Company and Compliance Notes
This description may be modified or waived at the Company’s sole discretion without notice. R-2025-09-56 R-2025-09-56 Our goal is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation.
#J-18808-Ljbffr
Director, Governance, Risk, and Compliance. The Director of GRC will lead the organization’s governance, risk management, and compliance programs, ensuring that the business operates securely, ethically, and in alignment with key regulatory requirements. This role acts as the bridge between executive leadership, legal, security, and operations teams, protecting the company’s ability to conduct business by maintaining critical compliance certifications, mitigating risks, and driving a culture of accountability. What You’ll Do
Establish, maintain, and communicate enterprise security and compliance policies, standards, and procedures. Ensure consistent governance practices across business units and technology functions. Own the enterprise risk management (ERM) framework, including risk identification, assessment, and mitigation strategies. Deliver clear reporting to executives and the board on organizational risk posture. Maintain compliance with regulatory frameworks and certifications (SOX, SOC 2, ISO 27001, and PCI-DSS). Partner with internal teams and external auditors to manage audits, certifications, and regulatory examinations. Ensure vendor and third-party risk management programs are effective and scalable. Partner with the CISO, CIO, and General Counsel to embed compliance and risk considerations into business strategy. Support secure product development and go-to-market efforts through compliance-by-design approaches. Mentor and develop GRC staff, fostering a culture of accountability and continuous improvement. Champion cross-functional collaboration to integrate risk and compliance practices across the enterprise. Own and evolve the business continuity and disaster recovery planning programs. Ensure the organization is prepared to respond to incidents and regulatory inquiries with confidence and clarity. What You’ll Bring
10+ years of experience in governance, risk, compliance, or information security, with at least 5 years in a leadership role. Bachelor’s degree in Information Security, Risk Management, Business, or related field. Deep knowledge of regulatory frameworks and industry standards (SOC 2, ISO 27001, SOX, and PCI-DSS). Proven experience leading enterprise risk management programs and driving successful compliance audits. Strong understanding of information security principles and their application to business operations. Demonstrated ability to partner with senior executives, boards, and cross-functional teams to influence strategy. Exceptional communication skills, with the ability to translate complex risk and compliance concepts into clear business terms. Experience building and scaling GRC teams in complex, multi-technology environments. Compensation & Employment Details
At SiriusXM, compensation varies by background and experience. The base salary for this position is expected to be in the range of $182,000 to $245,000 and may be eligible for discretionary incentives. This role may be eligible for short-term and long-term incentives where applicable. SiriusXM is an equal opportunity employer that does not discriminate on any protected characteristic under applicable laws. Company and Compliance Notes
This description may be modified or waived at the Company’s sole discretion without notice. R-2025-09-56 R-2025-09-56 Our goal is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation.
#J-18808-Ljbffr