CrawlJobs Logo

Senior Governance, Risk & Compliance Lead

United States · Job Posted March 12, 2026
Apply Position
Job Link Share

Job Description

OnePlan is looking for a Senior Governance, Risk & Compliance Lead to own and operate our security, privacy, and compliance programs. This role is responsible for maintaining OnePlan’s existing certifications including SOC 2 Type II, ISO 27001, and ISO 27701, while leading our FedRAMP Moderate readiness initiative as we expand into public sector markets. This is a senior individual contributor role focused on building and operationalizing a scalable governance, risk, and compliance program within a Microsoft based SaaS ecosystem.

Job Responsibility

  • Own and manage OnePlan’s governance, risk, and compliance program across security and privacy frameworks
  • Maintain the company’s compliance certifications including SOC 2 Type II, ISO 27001, and ISO 27701, ensuring ongoing audit readiness and successful surveillance audits and recertifications
  • Coordinate with external auditors and manage evidence collection, control validation, and supporting documentation
  • Maintain and update security policies, procedures, and internal documentation supporting compliance frameworks
  • Maintain the company risk register and drive risk identification, assessment, and remediation activities across the organization
  • Partner closely with Engineering and IT teams to implement and document security controls across the platform
  • Lead OnePlan’s FedRAMP Moderate readiness initiative, including NIST 800-53 gap assessments and remediation planning
  • Develop and maintain the System Security Plan (SSP) and associated FedRAMP documentation
  • Prepare the organization for 3PAO assessment and establish processes for ongoing continuous monitoring
  • Manage vendor risk assessments and third party security reviews
  • Support enterprise and public sector security questionnaires, compliance reviews, and due diligence requests
  • Ensure privacy and data protection practices align with GDPR and global privacy frameworks
  • Support the ongoing operation of OnePlan’s ISO 27701 privacy program

Requirements

  • 6+ years of experience in governance, risk and compliance, information security, or security compliance roles
  • Direct experience managing SOC 2 Type II and ISO 27001 audits and maintaining ongoing compliance programs
  • Strong understanding of NIST 800-53 and FedRAMP security requirements
  • Experience using compliance automation platforms such as Vanta or similar tools
  • Experience working in a cloud native SaaS environment, ideally within Azure
  • Strong documentation, audit management, and cross functional coordination skills
  • Ability to translate security and compliance requirements into practical operational processes
  • Experience leading or supporting FedRAMP readiness or authorization programs

Nice to have

  • Professional certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or CIPP
  • Experience supporting enterprise security reviews and government compliance requirements
  • Experience working in high growth SaaS or enterprise software companies

What we offer

  • We offer comprehensive health, dental, and vision benefits, with additional insurance options
  • Employer RRSP and 401K matching programs
  • A fun, collaborative, and diverse environment with regular health and team challenges to keep things light and enjoyable

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Governance, Risk & Compliance Lead

8 matching positions

New

Senior Governance, Risk & Compliance Business Partner

Are you a seasoned GRC professional who thrives on moving beyond advisory to act...
Location
Location
Australia , Adelaide
Salary
Salary:
70.00 - 75.00 AUD / Hour
https://www.randstad.com Logo
Randstad
Expiration Date
July 23, 2026
Flip Icon
Requirements
Requirements
  • Proven Delivery Track Record: Deep, practical experience in governance, risk, and compliance within complex environments, with a proven history of personally leading or materially driving GRC uplift initiatives
  • Framework Expertise: Strong working knowledge of risk management principles aligned directly to ISO 31000
  • Executive Presence: Demonstrated ability to operate as a trusted advisor to executive leadership, with exceptional verbal and written communication skills
  • Execution & Analytical Capability: Strong analytical capability with the ability to interpret complex policy or legislation (including Freedom of Information processes) and translate them into actionable business solutions
  • Agility: The ability to determine priorities, bring structure to ambiguity, manage competing demands, and deliver high-quality outcomes to tight timeframes
  • 10 years experience
Job Responsibility
Job Responsibility
  • Drive GRC Maturity: Strengthen and uplift the organisation's GRC maturity, translating risk and compliance frameworks into practical, embedded business practices
  • Internal Audit & Assurance: Lead the development and formulation of a detailed, risk-based Internal Audit Plan for executive and board sub-committee approval
  • Strategic Business Partnering: Influence, consult, and partner with executives and senior leaders to embed clear accountability for risk, compliance, and internal controls
  • Policy & Framework Custodianship: Review, draft, and maintain robust corporate policies and procedures, ensuring strict alignment with legislative and government policy requirements (including protective security frameworks)
  • Reporting & Briefings: Prepare high-level briefings, reports, and papers for executive leadership and board-level review
Read More
Arrow Right

Senior Information Security Governance, Risk and Compliance Specialist

The Senior Information Security Governance, Risk and Compliance (GRC) Specialist...
Location
Location
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP preferred
  • Advanced experience in information security, including GRC-related roles
  • Advanced experience in leading risk assessments, compliance efforts, security awareness initiatives, and policy management
  • Advanced understanding of information security frameworks and standards
  • Advanced proficiency in conducting risk assessments, analyzing security controls, and policy management
  • Excellent communication and interpersonal skills for collaborating with various stakeholders
  • Strong project management skills for handling security initiatives
  • Advanced familiarity with legal and compliance aspects related to information security
Job Responsibility
Job Responsibility
  • Leads risk assessments and gap analyses to identify vulnerabilities and recommends risk mitigation strategies
  • Develops and maintains security policies, standards, and procedures
  • Collaborates with legal and compliance teams to ensure adherence to regulatory requirements
  • Provides guidance and support to junior GRC team members
  • Assists in the creation and delivery of security awareness and training programs
  • Participates in security incident response activities as needed
  • Contributes to the continuous improvement of the information security program
  • Assists in policy management and refinement
  • Performs any other related task as required
  • Fulltime
Read More
Arrow Right

Risk & Compliance Senior Director Consulting Practice Lead

The Risk & Compliance Senior Director Consulting Practice Lead role at NTT DATA ...
Location
Location
United States , New York
Salary
Salary:
216405.00 - 480900.00 USD / Year
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 15+ years of experience in Risk & Compliance, including direct business development, client relationship management, and talent development
  • 8+ years of experience in a Management Consulting firm (Big 4 preferred) with strong customer engagement and delivery oversight
  • 5+ years’ experience: Credit experience in at least one of the following areas: Institutional, Corporate, or Commercial credit across all products
  • Commercial, Corporate & Markets Loan Workout across major credit cycles
  • Risk appetite, governance, and limits management
  • Fraud, waste, and abuse
  • Data and customer privacy
  • Personal credit signing authority
  • Enterprise Risk Management experience, including: Designing and executing risk management frameworks (including regulatory remediation)
  • Risk identification across operational, reputational, financial crime, and compliance domains
Job Responsibility
Job Responsibility
  • Lead, manage, and grow the Risk & Compliance consulting practice
  • Oversee the delivery of the largest and most complex client engagements
  • Collaborate with executive leadership to set organizational strategy and business objectives
  • Influence long-term strategic focus and drive both tactical and transformational change
  • Serve as a trusted advisor to executive stakeholders, providing expert-level consulting and subject matter expertise
  • Deliver thought leadership and innovative, leading-edge consulting solutions
  • Guide clients on business strategy, technology strategy, and prioritization based on industry trends
  • Build and maintain strong relationships with C‑suite executives in targeted organizations
  • Contribute to solution development and strategic decision-making across the organization
What we offer
What we offer
  • medical, dental, and vision insurance
  • flexible spending or health savings account
  • life and AD&D insurance
  • short and long term disability coverage
  • paid time off
  • employee assistance
  • participation in a 401k program with company match
  • additional voluntary or legally-required benefits
Read More
Arrow Right

Markets Data Risk Senior Lead Analyst - Senior Vice President

We are seeking a highly experienced Senior Vice President (SVP) to fill a global...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Significant senior-level experience in risk management, data governance, or internal audit within the financial services industry
  • Deep understanding of a Markets business, including complex traded products, end-to-end trade lifecycles, and associated data flows
  • Proven, in-depth expertise in the design, implementation, and assessment of risk and control frameworks, including hands-on experience with RCSA/MCA processes
  • Comprehensive understanding of data's role in business decisions, risk management, and regulatory compliance, with the ability to analyze data lineage and architecture
  • Exceptional communication and influencing skills with a demonstrated ability to present data-driven narratives to senior stakeholders
  • A track record of developing and implementing long-term strategies that deliver measurable improvements in control effectiveness and risk reduction
Job Responsibility
Job Responsibility
  • Lead rigorous, top-down assessments of data controls across all Markets processes to identify weaknesses and gaps
  • Own and refine the Risk & Control Self-Assessment (RCSA)/Manager Control Assessments (MCA) for Markets Data
  • Design robust data controls to mitigate identified risks
  • Evolve and enhance the Markets Data Risk Appetite framework, defining standards for inherent risk, control effectiveness, and residual risk tolerance
  • Drive the implementation of new data controls within existing governance frameworks and operational workflows
  • Develop key data quality metrics (KRIs/KPIs) and deliver insightful reports on control effectiveness and the overall risk landscape to senior management
  • Serve as the organization's senior expert on data risk and controls
  • Act as a primary liaison between Data Managers, Process Owners, and senior leadership, using exceptional influencing skills to drive complex, cross-functional control improvement initiatives
What we offer
What we offer
  • Generous holiday allowance starting at 27 days plus bank holidays
  • increasing with tenure
  • A discretional annual performance related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime
Read More
Arrow Right

Senior Engineering Lead - Credit Risk - Senior Vice President

This is a Senior Lead Principal Engineer position responsible for establishing a...
Location
Location
India , Chennai
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Full-stack developer with 10+ years of experience in designing and developing robust, scalable, and maintainable applications applying Object Oriented Design principles
  • Hands-on experience in Web technologies (HTML, CSS, React JS), REST-APIs, and Backend using Java/J2EE technologies
  • Deep experience with Big Data technologies and data platforms capable of handling vast datasets for training, serving, and managing AI models
  • Strong knowledge of cloud platforms (AWS, Azure, or Google Cloud) and deployment/packaging solutions such as Dockers/Kubernetes, OpenShift
  • Experience with Agile software development processes with a strong emphasis on test driven development
  • Strong knowledge of CI/CD pipelines and experience in tools such as JIRA, BlackDuck, SONAR etc
  • Deep understanding of JVM internals such as class loading and memory management
  • Java Core with extensive hands-on experience with concurrent programming
  • Spring Framework including Core, Integration, Batch, JDBC, Hibernate
  • Distributed Caching frameworks such as Oracle Coherence, Redis or equivalent
Job Responsibility
Job Responsibility
  • Provide technical leadership and development oversight to the wider team of Software Engineers/Analysts
  • Ensure application design adheres to the appropriate architectural and design patterns for scalable and intelligent systems
  • Develop key software components personally, and use your code as a teaching tool across the team for patterns and techniques, especially concerning Agentic AI design and implementation
  • Host sessions for design and code review at multiple levels of the organization
  • Improve our engineering standards and process to make the team more capable and efficient, embracing AI-assisted development practices, including the use of tools like Git Copilot and Devin AI
  • Collaborate effectively with a large global team of software engineers, business analysts, dev-ops and support staff to deliver software solutions for the business
  • Lead the adoption of new technologies where appropriate to solve business problems while adhering to Citi's architectural guidelines, with a strong focus on Agentic AI and Machine Learning frameworks
  • Serve as advisor or coach to mid-level/junior developers and analysts, helping build the overall engineering capabilities of the team, particularly in AI/ML and intelligent systems development
  • Appropriately assess risk when decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
  • Fulltime
Read More
Arrow Right

Risk & Controls Oversight Senior Lead - AI & Data Risk

As a Risk & Controls Oversight Senior Lead – AI & Data Risk you’ll be responsibl...
Location
Location
United Kingdom , London; Northampton
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Good understanding of Retail Banking Customer Journeys to identify and manage associated risks and controls
  • In-depth expertise in Data and Records Management. This includes knowledge of data architectures, data quality standards, and data retention/deletion practices
  • Expertise in AI, with a focus on ethical principles, transparency and fairness assessments
  • Ensure good Risk Assessment and governance across use AI case approval, validation, deployment and monitoring
  • Up-to-date with the latest advancements in AI, including Generative AI, and the associated risks
  • Proven experience in data analytics, data science, and driving automation and digitization within Risk Management processes
  • Ability to balance risk management with business goals when defining Risk Appetite, and effectively influencing or negotiating with stakeholders on risk acceptance
  • Be able to conduct active deep dives and Risk assessments for active Risk management
  • Well-versed in market trends, competitor activities, and the broader risk environment, with the ability to use this knowledge to enhance internal controls
  • Having gravitas and experience in influencing senior stakeholders including Managing Director level
Job Responsibility
Job Responsibility
  • Developing and assessing risk appetite
  • Leading conversations on risk acceptance
  • Ensuring controls are designed and assessed properly, resolving any gaps and improving the control environment
  • Ensuring ongoing monitoring of controls to keep the business audit ready
  • Embedding active risk management culture
  • Assessing new business activities and leveraging tools KRIs and risk dashboards
  • Staying on top of market trends and emerging risks
  • Driving continuous education based on internal and external themes and lessons learnt
  • Ensuring compliance with relevant laws and regulations
  • Preparing and enhancing governance papers and reports
What we offer
What we offer
  • Cycle or run to work
  • CoSpace drop-in co-working space
  • Wellness Suite including a well-equipped gym and exercise studios, personal training sessions and massage therapy
  • Advanced trading floors
  • Inclusive and supportive culture
  • Hybrid working
  • Fulltime
Read More
Arrow Right

Senior Python Tech Lead - Market Risk Quant Engineer - Senior Vice President

The senior python market risk engineer is a senior level position responsible fo...
Location
Location
India , Pune
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 15+ years of relevant experience
  • Experience in implementing projects
  • Experience in systems analysis and programming of software applications
  • Demonstrated Subject Matter Expert (SME) in area(s) of Applications Development
  • Demonstrated knowledge of client core business functions
  • Demonstrated leadership, project management, and development skills
  • Relationship and consensus building skills
  • Bachelor’s degree/University degree or equivalent experience
  • Highly Experienced Python Professional with great exposure to architecting and building horizontally scalable, highly available, highly resilient and performant applications
  • Extensive development expertise in building efficient software platforms for data computation and processing
Job Responsibility
Job Responsibility
  • Lead integration of functions to meet goals, deploy new products, and enhance processes
  • Analyze complex business processes, system processes, and industry standards to define and develop solutions to high level problems
  • Provide expertise in area of advanced knowledge of applications programming and plan assignments involving large budgets, cross functional project, or multiple projects
  • Develop application methodologies and standards for program analysis, design, coding, testing, debugging, and implementation
  • Utilize advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals
  • Consult with end users to identify system function specifications and incorporate into overall system design
  • Allocate work, and act as an advisor/coach developers, analysts, and new team members
  • Influence and negotiate with senior leaders and communicate with external parties
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
  • Fulltime
Read More
Arrow Right

Risk And Controls Oversight Senior Lead - Retail And Wealth Risk

As a Risk & Controls Oversight Lead - Retail & Wealth Risk, you’ll be responsibl...
Location
Location
United Kingdom , London; Northampton
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Good understanding of Retail Banking Customer Journeys to identify and manage associated risks and controls
  • Ability to balance risk management with business goals when defining Risk Appetite, and effectively influencing or negotiating with stakeholders on risk acceptance
  • Be able to conduct active deep dives and Risk assessments for active Risk management
  • Well-versed in market trends, competitor activities, and the broader risk environment, with the ability to use this knowledge to enhance internal controls
  • Having gravitas and experience in influencing senior stakeholders including Managing Director level
  • Ability to design and implement the Risk strategy in line with the Overall Vision of BUK Customer and Digital function
  • Deep understanding of market trends, competitor activities, and the broader risk environment, using this knowledge to drive continuous improvements in internal controls
  • Subject Matter Expertise and experience of delivering transformation and change in Risk management
Job Responsibility
Job Responsibility
  • Overseeing risk and control across Retail customers being referred for Investment and Wealth products
  • ensuring that key risks are effectively identified, understood, and managed
  • maintaining a great focus on customer outcomes
  • helping to prevent issues such as mis-selling, poor advice, unresolved complaints, and inconsistent delivery of Consumer Duty expectations
  • assessing risks linked to product suitability and proposition design
  • ensuring products are appropriate for their target audience and deliver fair value
  • supporting the management of advice boundary and referral risks
  • ensuring clear and effective controls are in place across Barclays UK (BUK) – Prive Bank and Wealth Management (PBWM) interactions and that the distinction between guidance and advice is maintained
  • oversight of sales and distribution practices
  • monitoring risks related to incentivisation and ensuring consistency across digital, telephony, and branch channels
What we offer
What we offer
  • Hybrid working
  • flexible working arrangements
  • inclusion and opportunities
  • Wellness suite including gym and exercise studios
  • personal training sessions and massage therapy
  • cycle hire and parking areas
  • showering and changing facilities
  • CoSpace drop-in co-working space
  • Fulltime
Read More
Arrow Right