×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Data Security IT Consultant

Director, Governance, Risk & Compliance

Job in Melville, Suffolk County, New York, 11775, USA
Listing for: Accommodations Plus International
Full Time position
Listed on 2026-06-23
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 150000 - 200000 USD Yearly USD 150000.00 200000.00 YEAR
Job Description & How to Apply Below

Overview

The Director of Governance, Risk Management & Compliance (GRC) will lead API’s global IT and security GRC program, reporting to the CISO. This leader is accountable for the company’s cyber risk management framework, regulatory compliance posture, vendor risk program, and data governance strategy.

Success in this role requires the ability to identify, evaluate, and communicate security risks — and to influence strategy across a diverse technology landscape that spans new platforms and legacy business-critical systems. This leader must balance rigorous risk management with business agility, positioning security as an enabler rather than an obstacle.

Key Responsibilities
  • Risk Management: Lead organization-wide risk analysis, maintaining a risk register with documented remediation and mitigation plans. Serve as the primary advisor on information security risks to security management and business unit leads.
  • Compliance & Audit: Establish and own the strategy for managing security audits, compliance checks, and external assessments — including GDPR, SOC 2, ISO 27001, CCPA, and other applicable standards. Liaise with internal and external auditors to implement and sustain required controls.
  • Vendor & Third-Party Risk: Build and manage a comprehensive vendor risk program, evaluating the cybersecurity and data protection controls of third parties, vendors, and business partners.
  • GRC Program Maturation: Drive ongoing security program improvement by amplifying areas of strength and developing actionable plans to address gaps. Develop and report key metrics to security and business leadership.
  • Data Governance & Protection: Lead data governance and data protection programs, ensuring alignment with enterprise risk management principles and up-to-date documentation of systems and processes.
  • Controls & IT Compliance: Facilitate IT compliance across identified controls, including IT general controls (ITGCs), application, cloud, and cybersecurity controls.
  • Policy & Communications: Document, communicate, and enforce security policies that balance risk with business operations. Champion cybersecurity best practices across all business units to reduce the organization’s attack surface.
  • Incident Response: Oversee GRC-related incident response activities, tracking occurrences and resolutions with strict documentation and reporting protocols.
  • Access Review: Manage the access review process to ensure appropriate access is consistently granted, maintained, and revoked.
Success Metrics
  • Risk register is current, with documented mitigation plans and clear ownership for all identified risks.
  • SOC 2, ISO 27001, and other applicable certifications and audits are managed on schedule with no critical findings.
  • Vendor risk program covers all strategic third parties with completed assessments and remediation tracking.
  • Security metrics are reported regularly to executive leadership with measurable program improvement over time.
  • Security policies are actively communicated, adopted, and embedded across business units.
  • Data governance documentation is current and aligned with enterprise risk and compliance requirements.
Required Skills,

Education and Experience Experience
  • 7–10+ years of experience in cybersecurity, spanning security analysis, compliance and regulatory affairs, risk management, or audit.
  • Demonstrated experience leading and managing GRC programs, including risk registers, remediation planning, and executive-level reporting.
  • Proven track record managing security audits and assessments for SOC 2, ISO 27001, GDPR, CCPA, and other standards; familiarity with PCI, HITRUST, and GLBA is a plus.
  • Hands‑on experience with vendor and third‑party risk management programs, including evaluation of cybersecurity and data protection controls.
  • Experience with incident response tracking, documentation, and reporting.
  • 2+ years of experience with AWS and/or Microsoft Azure cloud security configuration and management preferred.
Skills & Competencies
  • Proven ability to lead and influence across business units, translating complex risk concepts for both technical and non‑technical audiences.
  • Strong understanding of IT general controls, cloud controls, and…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search