
Director, Governance, Risk & Compliance

Type: Permanent
Category: IT Security / Risk

New York, NY

RedStream Technology is recruiting a Director of Governance, Risk & Compliance to join a global media organization. This hands-on position will oversee the Governance, Risk and Compliance team and ensure the overall effectiveness of the Information Security Risk Management program.

Responsibilities:

  • Responsible for the Information Security Governance, Risk and Compliance management function
  • Build and manage a high-performing team of risk professionals through recruitment, training, coaching, and performance management
  • Build and maintain successful stakeholder relationships with technology and business executives by developing a clear understanding of business needs, acting as a trusted advisor, and ensuring cost-effective delivery of security services to meet those needs
  • Educate risk owners on risk management best practices and work with other risk functions (e.g., Internal Audit and Legal) in the development and implementation of risk controls and treatment plans
  • Continuously improve the Information Security Risk Management Program
  • Develop and maintain all relevant documentation, policies, standards, guidelines, and frameworks, embedding controls into processes across the business and technology units
  • Assist in the early identification of risk trends by establishing and monitoring key performance and key risk indicators via Risk and Business Impact Assessments
  • Oversee global security awareness strategy and programs, fostering a culture where security is everyone’s responsibility
  • Manage Compliance programs across business units (e.g., PCI, HIPAA, Privacy, Internal/External Audits, and 3rd Party Vendor Management)
  • Advise senior management on risk reduction practices and influence process change
  • Assist the CISO to develop strategic plans and roadmaps

Requirements / Qualifications

  • 10+ years of security experience in relevant security domains (e.g., compliance, audit, security risk management), with 5+ years of management experience
  • Experience implementing and maturing risk frameworks based on NIST, ISO, PCI, HITRUST and SOC2
  • Experience implementing privacy program control frameworks based on privacy regulations such as CCPA and GDPR
  • Experience managing internal/external audits
  • One or more industry certificates (e.g., CISM, CRISC, CISA, CIPM, CISSP)
  • Experience recruiting and building out high-performing, global security teams
  • Demonstrated customer-first mindset
  • Outstanding communication, conceptual thinking, change/project management, analytical, and problem-solving capabilities
  • Consistent track record of owning project/work activities, balancing multiple priorities, and delivering results