CrawlJobs Logo
Archer Aviation Logo Archer Aviation · IT - Administration

Director of Technology - Governance, Risk, and Compliance

United States, San Jose 219000.00 - 290000.00 USD / Year · Job Posted March 10, 2026
Apply Position
Job Link Share

Job Description

We are seeking a Director of Technology - Governance, Risk, and Compliance to design and develop Archer's Cybersecurity GRC program. You are a strategic, hands-on leader and an excellent communicator who can see the big picture. Reporting directly to the Chief Information Security Officer, you will oversee the design and implementation of our enterprise governance, risk, and compliance strategy while rigorously following NIST SP 800-171, CMMC Level 2, SOX, ITAR, and other industry-specific regulations. This role demands executive-level leadership of a GRC function, extensive knowledge of compliance frameworks and control design, and the ability to translate complex regulatory requirements into practical programs. You will work with security, legal, finance, and operations teams to build a scalable, auditable compliance foundation that allows Archer to pursue federal contracts, uphold public company standards, and grow with confidence.

Job Responsibility

  • Develop and execute a comprehensive Cyber-focused Governance, Risk, and Compliance (GRC) strategy
  • Lead the design and implementation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
  • Establish and manage an enterprise-wide risk management program
  • Design and enforce a control framework
  • Conduct or coordinate regular compliance assessments and internal audits
  • Manage relationships with external auditors, assessors, and regulators
  • Develop and maintain comprehensive compliance documentation
  • Lead the design of third-party and vendor risk management processes
  • Drive compliance training and awareness programs across the organization
  • Stay current with emerging regulatory changes
  • Provide executive-level reporting to the Board, Audit Committee, and C-suite

Requirements

  • 8 plus years of experience in Technical Governance, Risk, and Compliance, Risk Management, Audit, or Information Security
  • Minimum of 3 years in a director or senior manager role leading a GRC function or compliance program
  • Expert-level understanding of NIST CSF, SP 800-171, and CMMC Level 2 frameworks
  • Hands-on experience managing NIST CSF, 800-171 compliance programs or leading CMMC Level 2 assessments and certification initiatives
  • Strong knowledge of SOX Section 404 requirements, particularly IT General Controls (ITGC)
  • Deep understanding of ITAR and EAR export control regulations
  • Proficiency in risk management methodologies
  • Experience designing and operating control frameworks (ISO 27001, NIST CSF, SOC 2 Type II)
  • Strong communication skills to present complex compliance and risk concepts
  • Demonstrated ability to lead and mentor teams, manage budgets, and drive cross-functional initiatives

Nice to have

  • Experience with Aerospace, Defense, or Federal Contractor industries
  • Hands-on experience conducting or participating in CMMC Level 2 assessments or FedRAMP authorizations
  • Experience as a Security Control Assessor (SCA) or CMMC Professional (CISSP with CMMC focus)
  • Background in public company SOX compliance
  • Knowledge of GRC platforms and tools (Archer GRC, Audit Board, ServiceNow)
  • Professional certifications such as CISSP, CISM, CRISC, Certified Regulatory Compliance Manager (CRCM), or Certified Compliance and Ethics Professional (CCEP)
  • Advanced degree in Cybersecurity, Business Administration, Law, or Engineering
  • Experience with third-party risk management and vendor security assessment frameworks
  • Direct experience building compliance automation and audit evidence collection processes
Archer Aviation - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Director of Technology - Governance, Risk, and Compliance

8 matching positions

Director - Governance, Risk and Compliance

We are a fast-growing fintech company seeking a proactive and highly organized G...
Location
Location
United States , New York
Salary
Salary:
175000.00 - 200000.00 USD / Year
clearstreet.io Logo
Clear Street
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of experience in GRC, security compliance, risk management, or related functions
  • Strong understanding of common security frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS)
  • Experience managing audits end-to-end
  • Demonstrated ability to build and maintain governance processes and cross-functional compliance programs
  • Excellent documentation, communication, and stakeholder-management skills
  • Experience in technology, fintech, financial services, or other highly regulated industries
Job Responsibility
Job Responsibility
  • Develop, maintain, and manage the company’s security and compliance policy framework
  • Ensure policies are current, properly communicated, approved, and effectively implemented across the organization
  • Oversee periodic reviews of all internal policies
  • Educate teams on policy requirements and drive adherence
  • Build, implement, and continuously refine the company’s cyber security risk management framework
  • Lead risk identification, assessment, scoring, and periodic re-evaluations
  • Maintain the corporate risk register
  • Manage all internal and external audits including SOC 2, ISO 27001, regulatory exams, and customer due-diligence requests
  • Coordinate and prepare audit evidence
  • Serve as the primary liaison with external auditors, security assessors, and regulatory bodies
What we offer
What we offer
  • Competitive compensation packages
  • Company equity
  • 401k matching
  • Gender-neutral parental leave
  • Full medical, dental and vision insurance
  • Lunch stipends
  • Fully stocked kitchens
  • Happy hours
  • Fulltime
Read More
Arrow Right

Director, Deputy Corporate Compliance & Operations

Aledade's Compliance & Ethics organization is seeking a tenured and strategic he...
Location
Location
United States , Arlington; Austin; Durham; Novi; Bethesda
Salary
Salary:
Not provided
aledade.com Logo
Aledade, Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree or equivalent combination of education and experience
  • +12 years of experience, with a minimum of 8 years of progressive experience in healthcare compliance, with a strong focus on corporate compliance operations
  • Experience leading compliance operations teams
  • Experience presenting and reporting to the Board of Directors
  • Strong knowledge of HIPAA, fraud, waste, and abuse laws (Stark Law, Anti-Kickback Statute, False Claims Act)
  • Excellent analytical, problem-solving, and critical thinking skills
  • Exceptional written and verbal communication skills, with the ability to translate complex data findings into clear and actionable guidance
  • Strong interpersonal skills and the ability to collaborate effectively with diverse teams
Job Responsibility
Job Responsibility
  • Deputize for the VP, Head of Compliance in providing leadership, oversight and representation for the Compliance Department
  • Prepare and present compliance reports to senior leadership, Compliance Committee, and the Board of Directors
  • Oversee and continually enhance Aledade’s Corporate Compliance Program, ensuring alignment with OIG compliance program guidance, industry best practices, and Aledade’s strategic objectives
  • Establish and maintain a strong compliance governance framework, including policy standards, committee structures, and reporting mechanisms
  • Develop and manage compliance training and education programs to ensure business relevant and effective programs
  • Lead and manage compliance the day-to-day operations, including policy governance, reporting & investigations, conflict of interest, exclusion screening, training & education, and compliance communications
  • Oversee the intake, internal investigations, and resolution of compliance concerns and reports to ensure consistent application of policies, procedures, and corrective actions
  • Partner with Legal, Privacy, Security, and People teams to ensure coordinated approaches to compliance risks
  • Lead special projects on behalf of the VP, Head of Compliance, including compliance program optimization, technology enablement, and corporate transaction readiness
  • Supervise and mentor compliance team members, fostering professional growth and operational excellence
What we offer
What we offer
  • Flexible work schedules and the ability to work remotely are available for many roles
  • Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners
  • Robust time-off plan (21 days of PTO in your first year)
  • Two paid volunteer days and 11 paid holidays
  • 12 weeks paid parental leave for all new parents
  • Six weeks paid sabbatical after six years of service
  • Educational Assistant Program and Clinical Employee Reimbursement Program
  • 401(k) with up to 4% match
  • Stock options
  • Fulltime
Read More
Arrow Right

Director - FRTB Market Risk RWA Calculation and Analysis

The position leads the Calculation and Analysis of FRTB Market Risk RWA across m...
Location
Location
United States , New York
Salary
Salary:
170000.00 - 300000.00 USD / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience in Market Risk and RWA calculations
  • Deep expertise in FRTB implementation for a large, global Bank
  • Strong familiarity with FRTB rules in more than one jurisdictions
  • Subject matter expertise in trading book products, strategies, and risk management across multiple asset classes
  • Strong background in working with Technology on implementation of large, complex programs involving Front office Risk Management systems and Market/Reference data
  • Familiar with FRTB implementation challenges, advocacy proposals, and state-of-play across the Street
  • Experience in supporting Regulatory exams with US/UK/EU banking supervisors, and experience in working with Internal Audit
  • Hands-on data analytics experience using Python/Tableau/SQL
  • Working knowledge of Market Risk models and methodologies
  • 5+ years managerial experience
Job Responsibility
Job Responsibility
  • Own production of FRTB Market Risk RWA results, including analysis of drivers, for both Citigroup and selected Legal Entities in EMEA and Asia
  • Manage a large team spread across NY, Warsaw, and Mumbai, including managing other people managers
  • Partner with other key stakeholders to ensure Citi's compliance with FRTB Rules and Regulatory expectations
  • Responsible for working with Technology to drive FRTB implementation and remediation
  • Closely coordinate with Front Office and Market Risk to improve the quality of FRTB results
  • Serve as key contributor for FRTB related Regulatory Exams, Internal Audit, and Second Line of Defense Reviews
  • Work with Regulatory Policy teams on interpretive items, and on ensuring governance of implementation assumptions
  • Contribute to FRTB advocacy efforts and impact studies, both bilaterally and representing Citi in industry FRTB forums
What we offer
What we offer
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages including vacation, sick leave, and holidays
  • Fulltime
Read More
Arrow Right

Chief Country Compliance Officer Sr Mgr

Oversees the Citi Compliance Risk Management Program for a medium to smaller fra...
Location
Location
Bahamas , Nassau
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Credibility as a subject matter expert and experience of dealing with issues that have a high impact at all levels of the organization
  • Experience of working with key country level regulators and industry associations
  • Knowledge of local regulatory requirements and obligations and the ability to identify emerging compliance issues and themes
  • An ability to influence senior business leaders on all compliance risk-related matters affecting the business. The individual should have the ability to independently challenge, when needed, while at the same time being supportive and solution-based and not being perceived as obstructive
  • An ability to be “hands on” and “in the trenches” with the direct team, while also bringing a sense of strategic vision and a global sensibility to the function
  • Ability to navigate and negotiate through conflicting demands to maintain focus on priority objectives while ensuring key stakeholders’ needs are met
  • Strong team leadership, communication, interpersonal and management skills, with a track record of leading through change and the ability to effectively communicate the strategic vision to various stakeholder groups
  • Effective negotiation skills, a proactive and “no surprises” approach in communicating issues and strength in sustaining independent views. Strong presentation and relationship management and influencing skills are essential
  • The ability to thrive and execute in a complex, highly matrixed, global environment
  • Bachelor’s Degree highly preferred or relevant, equivalent experience. Preference for post graduate degree and/or recognized professional qualifications where applicable. Professional qualifications may include: CRMC or equivalent, CPA, ACA, CIA, CFA, ACAMS, etc. strong technical knowledge of compliance regulations and requirements, experience within a highly complex, global financial institution, regulator or related industry participant.
Job Responsibility
Job Responsibility
  • Annual Country Compliance Plan: Preparing, obtaining approval and successfully completing an annual compliance risk management plan, in accordance with the global template and content and presentation requirements, setting out how compliance risk will be managed within the jurisdiction and its constituent parts, and the role to be played by ICRM in order to achieve the plan. Identification of the jurisdictional requirements, accountabilities and the process ownership and monitoring and testing ownership, as well as the determination of suitable staffing, hours required and secured budget in order to achieve the state of compliance within risk appetite will be set out in the plan, which will be reviewed quarterly with the jurisdictional CCC and ICRM, as well as any applicable legal entity, as well as where required by applicable regulatory agencies. The annual country compliance plan must take into consideration the applicable compliance risk assessments and MCAs appropriate to the jurisdiction and its activities.
  • State of Compliance Reporting: Preparing quarterly, in accordance with the approved global format, and in adherence to all established requirements for the State of Compliance reporting. The State of Compliance report will be presented to the appropriate CCC, BRCC and legal entity Board or Board Audit Committee, or other such Board committee required within the jurisdiction.
  • Enhancing Governance: Providing a valued interactive program of support and compliance risk management services covering the assessment and reporting of Key Compliance Risks across products, services, functions, legal entities, service centers and the jurisdiction as a whole. Providing stakeholders with insight and practical solutions as well as credible challenge to improve the ethical control culture, and conduct risk environment. Timely reporting of significant local regulatory issues to local, overseas, regional, and global stakeholders. Same-day escalation of regulatory reports received. Maintaining on-going assessment and reporting of the State of Compliance through the relevant corporate governance committees such as country audit committee(s) and/or subsidiary board(s), country coordinating committee and business risk management committee, and other management body(ies). Key Activities Compliance Risk Culture:
  • Stakeholder Support and Relationships: Developing senior management relationships, including with legal entity management focus, inclusive of non-executive directors (where they exist in the jurisdiction), and the CCO as well as product functional and entity/service center line management. Informing senior management and directors of subsidiary boards, and the country/business management of significant compliance matters that require their attention or action. Proactively anticipate and help the business and functions plan for changes in the compliance and regulatory environment in the country. Provide support to compliance programs and country/business management on policy interpretation and “gray area” exposures. Build and maintain strong relationships with other functional leads, including Legal, Risk Management, including Operational Risk Management, and Internal Audit to create a supportive and seamless compliance and ethical control culture and an appropriate conduct risk environment. Key Activities Processes and Activities:
  • Regulatory Management and Coordination: Supporting the Citi Country Officer (CCO) in the management and development of regulatory relationships. Coordinating as the key interface with regulators on compliance risk management issues and supervisory exam management matters. Providing same day notification of regulator correspondence to Citi Compliance Officer, Regulatory Liaison and Exam Management CCO and ICRM COO. Providing leadership, coordination and regular interaction with the [insert country] authorities on behalf of ICRM and the Citi franchise. Record regulator correspondence and minutes of regulator meetings on Citi system in line with the Global Regulatory Exam Management Governance and Process Standards. Ensuring prompt recording of, responses to, and escalation of regulatory queries, notices of violations and breaches, any forbearance, and concerns identified. Deliver to regulators and supervisors a valued interactive program of support and assurance in accordance with requirements and appropriate expectations on compliance issues, trends, themes, root cases and impacts relating to governance, regulatory risk management and internal control issues. The overall objective is to earn the regulator’s trust and to establish a strong, independent and professional regulatory relationship across the franchise.
  • Regulatory Inventory: Ensuring prompt identification, logging in, evaluation and formulation of a plan to address requirements arising from new and amended laws, regulations, rules and other requirements and expectations from regulatory and enforcement authorities.
  • Regulatory Change Management and Controls: Ensuring that the regulatory change management requirements and processes, along with the regulatory control framework for existing requirements, are effectively operating within the country with respect to the identification, impact assessment and implementation of all applicable laws, regulations, rules and related processes, controls and reporting that impact Citi activities in the jurisdiction.
  • Anti-Money Laundering Compliance Risk Management (ACRM): Providing strategic direction, oversight, coordination and cooperation in respect of the country’s Anti-Money Laundering compliance risk management program. Partner closely and with the Head of ACRM to ensure a strong linkage between ICRM and ACRM.
  • Independent Compliance Risk Management (Program and Product/Service/Function focused*): Providing direction and oversight in supporting the ICRM teams in the country related to local requirements and the applicable extraterritorial laws, regulations, relevant Citi policies, standards, and global procedures. Deliver consistent application of program procedures and be accountable to program owners consistent with the ICRM methodology and CRM Framework. *Programs include but are not limited to: Sanctions
  • Anti Bribery
  • Fulltime
Read More
Arrow Right

Global Head of Cyber Risk and Compliance

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi i...
Location
Location
United States , Irving, Texas, United States, New York, New York, United States
Salary
Salary:
250000.00 - 500000.00 USD / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results
  • Extensive experience in effective written and verbal communication with executive audiences including Boards
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management
Job Responsibility
Job Responsibility
  • Oversight and challenge of the cybersecurity incident response programs
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC)
  • Oversight of cybersecurity penetration testing and red-team operations
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well the Board of Directors and the Risk and Audit sub-committees
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
What we offer
What we offer
  • Discretionary and formulaic incentive and retention awards
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Fulltime
Read More
Arrow Right

Country Compliance Officer UAE - Director

The Citi Country Compliance Officer (CCCO) is responsible for overseeing the Com...
Location
Location
United Arab Emirates , Dubai
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Credibility as a subject matter expert and experience of dealing with issues that have a high impact at all levels of the organization
  • Experience of working with key country level regulators and industry associations
  • Knowledge of local regulatory requirements and obligations and the ability to identify emerging compliance issues and themes
  • An ability to influence senior business leaders on all compliance risk-related matters affecting the business. The individual should have the ability to independently challenge, when needed, while at the same time being supportive and solution-based and not being perceived as obstructive
  • An ability to be hands on and in the trenches with the direct team, while also bringing a sense of strategic vision and a global sensibility to the function
  • Ability to navigate and negotiate through conflicting demands to maintain focus on priority objectives while ensuring key stakeholders needs are met
  • Strong team leadership, communication, interpersonal and management skills, with a track record of leading through change and the ability to effectively communicate the strategic vision to various stakeholder groups
  • Effective negotiation skills, a proactive and no surprises approach in communicating issues and strength in sustaining independent views. Strong presentation and relationship management and influencing skills are essential
  • The ability to thrive and execute in a complex, highly matrixed, global environment
  • Fluency in English language required and local language proficiency
Job Responsibility
Job Responsibility
  • Key Activities Governance and Organization: Annual Country Compliance Plan: Preparing, obtaining approval and successfully completing an annual compliance risk management plan, in accordance with the global template and content and presentation requirements, setting out how compliance risk will be managed within the jurisdiction and its constituent parts, and the role to be played by ICRM in order to achieve the plan
  • Identification of the jurisdictional requirements, accountabilities and the process ownership and monitoring and testing ownership, as well as the determination of suitable staffing, hours required and secured budget in order to achieve the state of compliance within risk appetite will be set out in the plan, which will be reviewed quarterly with the jurisdictional CCC and ICRM, as well as any applicable legal entity, as well as where required by applicable regulatory agencies
  • State of Compliance Reporting: Preparing quarterly, in accordance with the approved global format, and in adherence to all established requirements for the State of Compliance reporting
  • Enhancing Governance: Providing a valued interactive program of support and compliance risk management services covering the assessment and reporting of Key Compliance Risks across products, services, functions, legal entities, service centers and the jurisdiction as a whole
  • Timely reporting of significant local regulatory issues to local, overseas, regional, and global stakeholders
  • Maintaining on-going assessment and reporting of the State of Compliance through the relevant corporate governance committees such as country audit committee(s) and/or subsidiary board(s), country coordinating committee and business risk management committee, and other management
  • Stakeholder Support and Relationships: Developing senior management relationships, including with legal entity management focus, inclusive of non-executive directors (where they exist in the jurisdiction), and the CCO as well as product functional and entity/service center line management
  • Proactively anticipate and help the business and functions plan for changes in the compliance and regulatory environment in the country
  • Build and maintain strong relationships with other functional leads, including Legal, Risk Management, including Operational Risk Management, and Internal Audit to create a supportive and seamless compliance and ethical control culture and an appropriate conduct risk environment
  • Regulatory Management and Coordination: Supporting the Citi Country Officer (CCO) in the management and development of regulatory relationships
What we offer
What we offer
  • Learn About Global Benefits
  • Fulltime
Read More
Arrow Right

Manager, IT Governance, Risk & Compliance

Reporting to the Director, IT Governance, Risk & Compliance, the GRC Manager is ...
Location
Location
Canada , Toronto
Salary
Salary:
85000.00 - 125000.00 CAD / Year
fourseasons.com Logo
Four Seasons
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent business qualifications
  • Minimum 5 years of experience with PCI standard and GRC methodologies
  • Information Security Certification or Accreditation is an asset
  • Professional security management certifications are highly preferred (ie. CISSP, CRISC)
  • PCI Compliance: Strong understanding of PCI DSS requirements and the use of compliance tools to support adherence to the standards
  • Reporting & Analytics: Proficient in reporting tools for creating dashboards, analyzing program data, and generating compliance and risk reports that support leadership decision‑making
  • IT Governance: Strong knowledge of governance frameworks such as COBIT and ISO 27001, applying these structures to strengthen compliance and manage risks effectively
  • Ticketing & ITIL: Proficient in ITIL‑based ticketing systems such as ServiceNow to manage incidents, problems, and changes, ensuring smooth service delivery and timely issue resolution
  • Risk Management: Comprehensive understanding of IT and cybersecurity risk practices, including identifying and evaluating risks and supporting remediation efforts
  • Change Management: Experienced in managing and reviewing IT change requests to assess compliance and risk impact, ensuring proper approvals, documentation, and alignment with internal change governance processes
Job Responsibility
Job Responsibility
  • Lead the Corporate Office PCI compliance Program, including: Define, collect, and conduct internal reviews for the Corporate Quarterly PCI compliance cycles
  • Lead the planning, evidence collection, and internal review processes for the Corporate Annual PCI assessment
  • Scheduling and participating in all audit-related meetings to ensure consistent communication between teams and the QSA
  • Overseeing remediation of audit findings and tracking progress to closure
  • Work closely with the QSA to ensure the successful annual renewal of the company’s AoC (Attestation of Compliance) and RoC (Report of Compliance) as a Level 1 service provider
  • Facilitating the Corporate annual tabletop major incident response exercise with Corporate TID teams
  • Maintain and update the company’s IT policies, standards, and procedures
  • develop new documentation and RACI matrices
  • communicate changes to relevant stakeholders
  • conduct reviews as required
  • Fulltime
Read More
Arrow Right

Director of Governance, Risk, Compliance and Trust

Everlaw is seeking a pragmatic and execution-oriented Director of GRCT to lead o...
Location
Location
United States , Oakland
Salary
Salary:
230000.00 - 312000.00 USD / Year
everlaw.com Logo
Everlaw
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience in Information Security, Risk, or Compliance
  • Senior ownership of FedRAMP Moderate/High programs from authorization through steady-state operations
  • Hands-on experience implementing modern GRC automation platforms
  • Experience driving a shift from manual compliance processes toward Continuous Control Monitoring
  • Strong risk judgment, evaluating control gaps, exception requests, and architectural trade-offs pragmatically
  • Technical literacy to lead Security Impact Analyses (SIA) and embed compliance into DevOps and CI/CD workflows
  • Experience supporting customer assurance and GTM efforts—from complex security questionnaires to executive-level conversations
  • Operational and people leadership skills, skilled at establishing operating rhythms, defining meaningful program metrics, driving predictable execution, and coaching high-ownership teams
  • Clear and credible communicator, able to distill complex technical and regulatory topics
  • Bachelor’s degree in Information Security, Computer Science, Engineering, Information Systems, or a related field (or equivalent practical experience)
Job Responsibility
Job Responsibility
  • Public Sector Compliance Ownership: Own Everlaw’s public sector compliance posture, including FedRAMP and GovRAMP authorization and ongoing maintenance
  • Regulatory & Contractual Requirements: Ensure compliance with specialized regulatory and contractual requirements (e.g., CJIS, FTI)
  • Global & Industry Certifications: Accountable for global and industry certifications, including SOC 2, ISO 27001/27017/27018, UK CE+, GDPR, and HIPAA
  • Audit Readiness & Execution: Ensure sustained audit readiness through clear control ownership, effective evidence management, and scalable compliance processes
  • Strategic Certifications & Market Access: Own the go/no-go framework for pursuing new certifications or regulatory authorizations (e.g., ISO 42001)
  • Regulatory Awareness: Continuously monitor emerging regulatory and industry requirements and advise leadership on impact, readiness, and timing
  • Security Risk Identification & Management: Oversee the identification, assessment, and tracking of information security risks
  • Security Impact Analysis (SIA): Partner with Security Engineering to lead the SIA process for major system, infrastructure, and product changes
  • Third-Party Security Risk: Oversee the vendor security risk lifecycle, from onboarding through ongoing monitoring and renewal
  • Pragmatic Governance & Decision Support: Maintain security policies, standards, and exception processes
What we offer
What we offer
  • Equity program
  • 401(k) retirement plan with company matching
  • Health, dental, and vision
  • Flexible Spending Accounts for health and dependent care expenses
  • Paid parental leave and approximately 10 days (80 hours) per year of sick leave
  • Seventeen paid vacation days plus 11 federal holidays
  • Membership to Modern Health to help employees prioritize mental health and wellness
  • Annual allocation for Learning & Development opportunities and applicable professional membership dues
  • Company-sponsored life and disability insurance
  • Work in Uptown Oakland, just steps from the BART line and dozens of restaurants and walking distance to Lake Merritt
  • Fulltime
Read More
Arrow Right