Director - Governance, Risk and Compliance
Job in: Norwalk, Fairfield County, Connecticut, 06850, USA
Listed on: 2026-06-19
Listing for: FactSet Research Systems Inc.
Full Time position
Job specializations:
- IT/Tech
  Cybersecurity, Information Security, Data Security, IT Consultant
Job Description & How to Apply Below
to financial data and analytics that investors use to make crucial decisions.
At FactSet, our values are the foundation of everything we do. They express how we act and operate, serve as a compass in our decision-making, and play a big role in how we treat each other, our clients, and our communities. We believe that the best ideas can come from anyone, anywhere, at any time, and that curiosity is the key to anticipating our clients' needs and exceeding their expectations.
Locations:
Norwalk, CT | New York City
Working Environment:
Hybrid
Your Team's Impact:
The Information Security team at FactSet drives cybersecurity governance, risk, and compliance activities across the Technology organization. The team is responsible for ensuring that technology systems, infrastructure, and projects are effectively designed, managed and optimized to meet security and regulatory requirements. This includes promoting cross-functional collaboration to identify and remediate cyber risks consistently and reporting KRIs and KPIs.
We are seeking an experienced, proactive Cyber Risk Leader to serve as the Director of Governance, Risk, and Compliance. This critical role involves leading a global GRC team within the Information Security function, with responsibilities spanning strategic management of cyber risk, third-party risk, customer trust, and development of policies and standards. The successful candidate will collaborate with Technology, Compliance, Business, and Legal teams to update audit frameworks and assess cyber risks, partnering with internal and external auditors to support technology audits.
In addition to providing strategic reports for senior management and guidance on regulatory alignment, the role demands input into technology decisions and crafting long-term strategic roadmaps. Reporting directly to the CISO, the ideal candidate will leverage deep technical knowledge, exceptional analytical skills, and strong collaborative abilities to drive measurable security outcomes and uphold FactSet's commitment to industry-standard compliance.
What You'll Do:
* Develop and implement an Information Security GRC strategy, aligning with business objectives, risk tolerance, security frameworks, and regulatory requirements, providing both short-term and long-term roadmaps.
* Manage the lifecycle of security policies, standards, and procedures to comply with regulations and industry standards, including SOX, SOC2, ISO 27001, and DORA.
* Oversee the implementation and management of the Security GRC platform to enhance visibility into organizational risk and compliance, while providing actionable intelligence on vendor and customer-facing security posture.
* Lead and mature the third-party risk management and customer trust processes, including onboarding, risk assessments, audits, security documentation, and remediation efforts.
* Define and monitor key risk and compliance indicators (KRIs/KPIs), implementing continuous monitoring to ensure vendor performance, customer assurance, and policy adherence are in line with program effectiveness and accountability.
* Coordinate and support comprehensive technology audits and collaborate with external auditors to meet audit requirements and timelines, managing assessments of IT general controls and maintaining the enterprise cyber risk register.
* Foster a cyber-aware culture by implementing training programs, managing a Security Culture Framework, and building a high-performing GRC team through leadership, mentoring, and development.
* Partner with IT, security, and compliance teams to provide insights and guidance on risk mitigation strategies, control enhancements, and findings remediation, while communicating audit findings and recommendations to senior management.
* Prepare and present regular reports to the executive team on GRC posture and initiatives, leveraging automated audit tools and data analytics for improved audit efficiency and insights.
Qualifications:
* Bachelor's degree in Information Technology, Computer Science, or a related field. A Master's degree is preferred.
* 15+ years of experience in information security focusing on governance, risk and compliance domains.
* Strong knowledge of IT risk assessment, IT General Controls, NIST framework, and other compliance frameworks.
* Hands-on experience with third-party risk management programs, encompassing vendor assessments, contract clauses, remediation tracking, and customer trust initiatives.
* In-depth understanding of application, endpoint, network, cloud and infrastructure security controls to validate control design and drive mitigation of identified gaps.
* Expertise in deploying and managing GRC and automation platforms, and effectively translating risk data into executive dashboards and meaningful KRIs/KPIs.
* Familiarity with AI tools and trends such as generative and agentic AI, with a…