Senior Director, Governance and Risk

About the role

This senior‑level position leads enterprise‑wide security governance, risk, and resilience initiatives for a mission‑driven organization in the United States. The role combines strategic leadership with hands‑on execution to modernize governance processes through automation and AI‑driven solutions.

Key responsibilities

• Lead and operationalize enterprise governance and risk programs covering security policy, awareness, business continuity, vendor risk, and information security risk tracking.
• Maintain up‑to‑date governance frameworks, policies, and standards and ensure their effective implementation.
• Oversee security awareness initiatives, targeted training campaigns, and employee engagement programs.
• Coordinate business continuity and disaster‑recovery activities, including impact assessments, testing, remediation planning, and recovery readiness.
• Maintain the Information Security Risk Register, ensuring accurate risk identification, documentation, escalation, and remediation tracking.
• Direct third‑party/vendor risk management processes, including risk assessments, SOC 2 reviews, and control evaluations.
• Drive process‑improvement initiatives using automation, AI tools, and governance platforms to increase efficiency and scalability.
• Establish KPIs and KRIs to monitor program effectiveness and support continuous improvement.
• Lead, mentor, and develop a high‑performing governance and risk team.
• Review and negotiate security requirements in procurement contracts, RFPs, and risk‑related agreements.

Required profile

• 8‑10+ years of progressive leadership experience in Governance, Risk, and Compliance (GRC) or Information Security Governance.
• CRISC certification required; CISSP or CISM highly preferred.
• Bachelor’s degree required; advanced degree considered a strong advantage.
• Deep practical expertise in security governance, vendor risk, business continuity, and risk tracking.

Required skills