Senior Director, Governance, Risk & Compliance

Overview

The Governance, Risk & Compliance (GRC) Senior Director is a member of the Chief Information Officer (CIO) organization and positioned strategically to support governance, reduce risk and strengthen compliance within the organization. The GRC Sr. Director is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program which includes product compliance, policy and audits. 

What You'll Do

  • Responsible for strategic and tactical improvement/expansion and implementation of measures to mitigate security risks in the areas of responsibility.

  • Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.

  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for product, computer, and network security.

  • Execute strategy for dealing with an increasing number of audits, compliance checks and external assessment processes from customers and external auditors relating to effective security practices, ISO 27001/2, ISO 9001, SOC 1, SOC 2-HIPAA, PCI-DSS and FedRAMP.

  • Strategically review existing policies for streamlining, simplification and/or revision, gaining cross-functional support and buy-in while meeting compliance requirements.

  • Assist in the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation and alignment with business objectives.

  • Lead the organization-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.

  • Interact in both oral and written communications with all levels of Company staff, including IT, engineering, senior leadership, general counsel, auditors, customers, and technology vendors and contractors, in matters related to information security.

  • Work with customers, external auditors, and outside consultants as appropriate on required security assessments and audits.

  • Coordinate and track all information technology and security related audits including scope of audits, parties involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provide guidance, evaluation and advocacy on audit responses.

  • Assist in the development and implementation of Business Continuity Planning and testing.


Who You Are

  • 8+ years GRC experience 

  • 3+ years progressively responsible for security risk management frameworks and compliance practices such as ISO/NIST

  • Program and/or Project Management experience including PgM or PMP certification preferred

  • Experience with achieving/maintaining compliance for product security certifications such as ISO 27001, ISO 9001, SOC 1, SOC 2, SOC 2-HIPAA, PCI-DSS and FedRAMP.

  • Business Continuity Planning development and testing

  • Strong leadership skills and ability to lead and horizontally-manage cross-functional teams 

  • Experience interacting with and influencing executive management and cross-functional teams 

  • Excellent interpersonal and relationship building skills 

  • Highly developed organization skills with the ability to smoothly handle rapidly evolving, multi-dimensional negotiations under strict timelines 

  • Ability to present a position, negotiate and drive an initiative

  • Strong understanding of asset related KPIs, analysis, operational tracking and reporting 

  • Education: Bachelor’s degree, preferably in Business Management, Operations Management or related experience 

  • Excellent written and verbal communication skills 

  • Ability to manage multiple priorities 

  • Experience in a small to medium-sized, highly regulated industry such as healthcare or finance, and/or in a publicly traded company

  • Strong problem solving ability

  • Data Privacy (GDPR/CCPA) experience and/or Certified Information Privacy Manager (CIPM) is a bonus

About TIBCO

TIBCO Software Inc. unlocks the potential of real-time data for making faster, smarter decisions. Our Connected Intelligence Platform seamlessly connects any application or data source; intelligently unifies data for greater access, trust, and control; and confidently predicts outcomes in real time and at scale. Learn how solutions to our customers’ most critical business challenges are made possible by TIBCO at www.tibco.com.

Department

IT

Type

Full Time

Location

Boston, United States