Senior Director, Cybersecurity Governance, Risk & Compliance; GRC

Overview

The Senior Director GRC at Infor will lead enterprise GRC at a global high‑tech software company operating at the leading edge of cloud, AI, and enterprise SaaS. You'll shape the governance, risk, and compliance strategy for a complex, multi‑cloud product portfolio serving customers across regulated industries worldwide - navigating an evolving global regulatory landscape that spans data privacy, AI governance, cloud sovereignty, and critical infrastructure protection.

Experience leading enterprise cybersecurity GRC programs at a high‑tech, cloud‑first software or SaaS company.

• Direct a high‑performing GRC organization spanning risk management, compliance, audit, policy, and third‑party risk. Mentor leaders, scale processes, and set the standard for operational excellence.
• Define and execute the enterprise cybersecurity GRC strategy - aligning governance frameworks, risk appetite, and compliance priorities with business objectives, product roadmaps, and customer commitments.
• Stay ahead of a rapidly shifting global regulatory landscape - GDPR, CCPA/CPRA, EU AI Act, NIS2, DORA, SEC cyber disclosure rules, state privacy laws, sector‑specific mandates (HIPAA, PCI DSS, FedRAMP, CMMC, IRAP, C5), and emerging AI governance requirements. Translate change into actionable controls and customer‑facing assurances.
• Build and operationalize the AI risk and governance program - model risk management, responsible AI principles, training data governance, AI system inventories, and alignment with NIST AI RMF, ISO/IEC 42001, and the EU AI Act. Partner with engineering and product on AI assurance for generative and agentic features.
• Own compliance posture across multi‑cloud environments (Azure, AWS, GCP). Drive continuous control monitoring, automated evidence collection, and compliance‑as‑code to keep pace with rapid product innovation.
• Operate the enterprise cyber risk program - risk identification, quantification (FAIR or equivalent), treatment, and reporting. Provide clear, decision‑ready risk insights to executives, the board, and audit committees.
• Lead external audits and certifications (SOC 1/2, ISO 27001/27701/42001, PCI DSS, FedRAMP, HITRUST, regional sovereign clouds). Build an audit‑ready posture that scales with the business.
• Mature the TPRM and software supply chain risk programs - vendor due diligence, ongoing monitoring, SBOM governance, and contractual security obligations.
• Maintain a coherent policy and standards library aligned to NIST CSF 2.0, ISO 27001, CIS Controls, and SSDF. Drive adoption across engineering, IT, and business units.
• Partner with sales, legal, and product to support customer trust - RFPs, security questionnaires, trust portals, DPAs, and executive customer engagements in regulated sectors.
• Partner with security operations and legal on incident response governance, regulatory notification obligations, and breach disclosure readiness.
• Deliver clear, business‑aligned reporting to the CISO, executive leadership, and the board on risk posture, compliance health, and program maturity.

• Experience across major frameworks and standards: NIST CSF 2.0, NIST 800‑53, ISO 27001/27701/42001, SOC 2, PCI DSS, FedRAMP, HIPAA, GDPR, and emerging AI governance frameworks (EU AI Act, NIST AI RMF).
• Experience of multi‑cloud environments (Azure, AWS, GCP) and modern compliance automation - continuous control monitoring, GRC platforms (e.g., Service Now IRM, Archer, One Trust, Drata, Vanta), and compliance‑as‑code.
• Experience of AI/ML risk and governance - securing and governing generative AI, LLM‑integrated products, model lifecycle, and AI supply chain.
• Experience of enterprise risk management methodologies, risk quantification (FAIR), and translating risk into business language.
• Experience of managing complex external audits and customer assurance programs at scale.
• Experience briefing boards, regulators, and enterprise customers with clarity and credibility.
• Experience balancing long‑term program vision with pragmatic execution in a fast‑moving product environment.

Location:

Atlanta GA, Dallas TX