Benchmark
Sr. Director, Risk Management and Compliance
At Benchmark, we are driven by our purpose: to innovate for a healthier, safer, and better‑connected world to create a brighter future. When you join us, you become part of a team passionate about making a meaningful impact across various sectors, including commercial aerospace, defense, advanced computing, next‑generation communications, complex industrials, medical, and semiconductor capital equipment. We prioritize career growth, fostering a culture that ensures you reach your full potential.
Position Overview
The Senior Director of Risk Management & Compliance is a key leadership role responsible for building, leading, and scaling the organization’s enterprise GRC function. Reporting directly to the CISO, this leader will oversee cybersecurity and risk management, compliance, data privacy, policy governance, and third‑party risk programs. This role is mission‑critical to ensuring the organization maintains a strong risk posture, meets regulatory requirements, and supports business growth in a heavily regulated environment (e.g., Aerospace and Defense, Medical Technologies, Complex Industrial, etc.).
The ideal candidate will combine strategic vision with hands‑on expertise in risk and compliance, leveraging best‑in‑class frameworks (e.g., NIST CSF, ISO 27001, SOC 2, PCI‑DSS, HIPAA, FedRAMP) to ensure the organization’s resilience and regulatory alignment. The Risk Management & Compliance leader will partner with cross‑functional executives (Legal, IT, Operations, Internal Audit, Product, and Engineering) to integrate GRC into business processes while enabling innovation and scalability.
Key Responsibilities
Governance & Strategy
Develop and execute a comprehensive GRC strategy aligned with business, regulatory, and cybersecurity objectives, ensuring data privacy and governance.
Establish, maintain, and enforce corporate cybersecurity policies, standards, and procedures aligned to industry frameworks (e.g., NIST 800‑171, ISO 27002, CMMC, ITAR, EAR, CIS Controls).
Oversee policy lifecycle management to ensure policies remain current, relevant, and effectively communicated.
Serve as a key advisor to executive leadership and the board on risk posture, compliance maturity, and strategic investments.
Risk Management
Develop and operationalize enterprise risk management (ERM) processes for IT and cybersecurity, including risk identification, assessment, treatment, and monitoring.
Maintain risk registers and ensure alignment with business continuity and disaster recovery planning.
Implement and optimize GRC tooling to automate risk assessment and tracking.
Oversee third‑party/vendor risk management and supply chain security assessments.
Compliance and Regulatory Oversight
Ensure adherence to applicable regulatory and industry standards (e.g., SOX, HIPAA, GDPR, CCPA, PCI‑DSS, GLBA, DFARS, NIST 800‑171, FedRAMP) by collaborating with Legal, Quality, and Engineering teams.
Coordinate all compliance activities, report progress, and provide updates to executives, ensuring that compliance efforts are aligned and communicated effectively across the organization.
Lead internal audits, certifications, and external assessments, serving as the primary liaison with regulators and auditors.
Maintain system security plans (SSPs), POA&Ms, and continuous monitoring programs.
Act as liaison with government agencies and defense contractors for security accreditation.
Team Development and Leadership
Build and lead a high‑performing GRC team including compliance analysts, risk managers, ISSMs, and audit coordinators.
Foster a culture of accountability, innovation, and continuous improvement.
Mentor future leaders and scale the team to support global operations and emerging markets.
Metrics and Reporting
Develop KPIs and dashboards to measure GRC effectiveness and communicate risk posture to stakeholders.
Provide regular reports to the CISO, executive leadership, and board committees.
Future Growth and Innovation
Expand GRC capabilities to include enterprise resilience, ESG risk, and AI governance.
Drive automation and integration of GRC platforms (e.g., OneTrust, Diligent).
Support M&A due diligence and post‑merger integration efforts related to cybersecurity and risk posture.
Partner with Legal, Engineering, IT, and Operations to embed security and compliance requirements into new product initiatives, cloud migrations, and infrastructure expansions.
Drive a continuous improvement approach that balances compliance with business agility.
Qualifications
Required:
Bachelor’s degree in Information Security, Risk Management, Computer Science, or a related field.
12+ years of progressive experience in cybersecurity GRC, risk management, or compliance roles, with at least 5 years in senior leadership.
Proven expertise with security frameworks (e.g., NIST CSF, NIST 800‑171, ISO 27001, SOC 2) and regulatory requirements (e.g., SOX, PCI‑DSS, HIPAA, CMMC, GDPR).
Demonstrated experience managing enterprise‑wide GRC programs in heavily regulated industries (e.g., Aerospace & Defense, Healthcare).
Strong understanding of cloud security (AWS, Azure, GCP) and modern SaaS environments.
Exceptional stakeholder management, communication, and board‑level reporting experience.
Hands‑on experience with GRC platforms (e.g., Archer, OneTrust, ServiceNow GRC).
Relevant certifications (CISSP, CISM, CRISC, CGEIT, CISA, or equivalent).
Preferred:
Advanced degree (MBA, MS in Cybersecurity, or similar).
Professional certifications: CISSP, CISM, CRISC, CGEIT, CISA, or similar.
Experience with GRC platforms and risk quantification methodologies.
Knowledge of AI/ML security and emerging technologies.
Familiarity with M&A risk due diligence.
Geographical Location: Arizona: Tempe
Shift: Shift 1
Work Schedule: M-F 0800-1630
Full Time
Export Control:
This job position may include access to controlled information or technology covered under applicable U.S. export control laws. As such, employment for this job position may be contingent on either verification that an applicant falls under the definition of a “U.S. Person” (which includes U.S. citizens, U.S. lawful permanent residents, and those granted U.S. asylum or refugee status) or on the Company timely obtaining any necessary export license required under federal laws. The Company evaluates such export license situations on a case‑by‑case basis and may decline to proceed with a job applicant in its sole discretion since export license applications can take many weeks to be processed.
Benchmark is an equal opportunity employer. We are bringing together a diverse workforce with unique talents, life experiences, cultures, and perspectives to promote an innovative, collaborative, and creative place to work. If you need assistance or an accommodation due to a disability, please email us at careers@bench.com.