Senior Director, Compliance
Listed on 2026-06-02
IT/Tech
Cybersecurity, Information Security, Data Security, IT Business Analyst
Senior Director Compliance
Location:
Remote (option to be fully remote or hybrid with in‑office days on Tuesday and Wednesday for employees near CB offices; occasional travel required).
The Information Security Governance Risk and Compliance (ISGRC) team works closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. The team facilitates information security governance and compliance by assessing vendors, reviewing and negotiating contractual commitments, planning disaster response, testing system strength using industry‑recognized frameworks (ISO 27001, PCI‑DSS, SOC2), obtaining compliance certifications, implementing policies, promoting security awareness and training, and testing employee security awareness through training and phishing campaigns.
About the Opportunity
As the Senior Director, Compliance, you will lead the external compliance program, contributing to the successful execution of SOC 2, ISO 27001, and PCI DSS audits in partnership with GRC leadership and internal stakeholders. You will coordinate with external auditors, ensure controls are designed, implemented, documented, and operated effectively within cloud‑based systems, translate framework requirements into practical technical controls, and embed compliance into system design and day‑to‑day operations.
Your role includes developing and maturing the compliance strategy, standardizing processes and evidence practices, and collaborating cross‑functionally with technical and non‑technical stakeholders.
- Lead the execution of external compliance audits (SOC 2, ISO 27001, PCI DSS) including audit planning, scope definition, evidence strategy, walkthrough coordination, issue resolution, and delivery of audit results.
- Act as key liaison to external auditors, leading audit communications, responding to information requests, participating in audit discussions, and providing technical context and judgment on findings.
- Partner with internal stakeholders and control owners across business areas, engineering, legal, and operations to align on audit scope, control responsibilities, evidence requirements, and remediation plans.
- Lead control readiness and continuous audit preparedness by working with control owners to ensure effective control operation throughout the audit period.
- Lead the development and execution of compliance strategy and roadmap focused on SOC 2, ISO 27001, PCI DSS, and related frameworks.
- Help standardize control design, documentation, evidence collection, and operating procedures to improve audit efficiency and repeatability.
- Establish and operate compliance governance processes, including control ownership, monitoring, issue tracking, and exception management.
- Promote continuous compliance readiness and embed compliance requirements into day‑to‑day operations and technical workflows.
- Identify opportunities to mature the compliance program through automation, continuous monitoring, improved evidence practices, and scalable audit readiness processes.
- Provide technical leadership on compliance‑driven control design and implementation in cloud‑native environments.
- Lead compliance assessments and audits, conduct control walkthroughs, validate control operation, and explain system architectures and security mechanisms to auditors.
- Review technical implementations from a compliance perspective, identify gaps and audit risks early, and recommend remediation approaches.
- Build strong working relationships and trust with stakeholders at all levels, leading collaboration, decision‑making, and issue resolution.
- Partner with cross‑functional teams (engineering, legal, operations) to ensure compliance requirements are understood, owned, and executed consistently.
- Coordinate delivery of compliance initiatives, align timelines, dependencies, and responsibilities for audit readiness and remediation.
- Communicate compliance expectations, progress, and risks clearly to keep stakeholders informed,…