
Director, Information Security Governance - HYBRID; Windsor

Job in Windsor, Sonoma County, California, 95492, USA
Listing for: Green Shield
Full Time position
Listed on 2026-05-31
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 100,000 - 125,000 USD yearly
Job Description & How to Apply Below
Position: DIRECTOR, INFORMATION SECURITY GOVERNANCE - HYBRID (Windsor)

The Role in a Nutshell

Base Salary:
Range Exempt

The Director, Information Security Governance, is responsible for the strategic leadership and operational oversight of the organization’s Information Security Governance, Risk, and Compliance (GRC) functions. This role ensures a robust, risk‑based, and business‑aligned information security posture across the enterprise. The Director will develop, execute, and continuously enhance governance programs, policies, and processes that align with the NIST Cybersecurity Framework, regulatory obligations, and organizational objectives.

This position is both strategic and hands‑on—requiring expertise in cybersecurity risk management, policy governance, third‑party oversight, regulatory compliance, and leadership of a multidisciplinary security team. The Director supports the Vice President, Security (CISO) in liaising with executive stakeholders, including the Risk Committee, Executive Committee, and Board of Directors.

Responsibilities
  • Information & Cybersecurity Awareness and Testing
    • Design and oversee a comprehensive cybersecurity awareness and testing program covering onboarding, monthly micro‑trainings, quarterly phishing simulations, and annual enterprise‑wide training.
    • Deliver targeted training for executives, business units, and the Board of Directors, incorporating role‑based risk scenarios and regulatory expectations.
    • Measure training effectiveness through metrics and Key Risk Indicators (KRIs) for continuous program improvement.
  • Third‑Party Risk Management (TPRM) – Security Posture Assessments
    • Lead the Information Security evaluation and continuous monitoring of third‑party vendors, ensuring robust due diligence and risk scoring against security posture standards and procedures.
    • Develop and manage the vendor security assessment lifecycle, integrating findings into enterprise risk reporting and procurement processes.
  • Information Security Policy and Standards Management
    • Maintain and expand the Information Security Policy and Standards library to align with evolving business operations, regulatory changes, threats, and frameworks (NIST, SOC 2, OSFI, ISO 27001, etc.).
    • Oversee policy governance and internal communication to ensure organizational compliance and understanding.
  • Cybersecurity Incident Response Program
    • Lead the development, testing, and maintenance of the Cybersecurity Incident Response Plan (CIRP) and oversight of playbook updates in partnership with the Information Security Operations team.
    • Facilitate regular tabletop exercises simulating real‑world attack scenarios, driving executive participation and readiness.
  • Business Enablement
    • Support revenue growth by leading the security response to RFPs, participation in client meetings, and due diligence requests, enabling sales opportunities.
    • Lead client assurance efforts, including security audit responses and TPRM assessments, reinforcing trust and compliance assurance with customers.
  • Information & Cybersecurity Risk Management Program
    • Develop and operationalize a comprehensive Cybersecurity Risk Management framework aligned to NIST CSF.
    • Oversee the execution of security risk assessments and quantification models to measure and report risk exposure across business units.
    • Lead ongoing security control testing for systems, applications, and third parties to validate security control design and effectiveness, ensuring risk mitigation.
  • Information Security Governance Program
    • Architect and execute a governance model that aligns with corporate strategy and risk appetite, ensuring consistent oversight of security programs and compliance obligations.
    • Maintain governance documentation, charters, and processes reflecting continuous improvement and audit readiness.
  • Information Security Control Framework
    • Develop and manage a centralized Control Library mapping to regulatory, policy, and framework requirements.
    • Oversee periodic control testing, validation, and maintenance activities, ensuring transparency and traceability to audit results.
  • Business Continuity Program (BCP)
    • Oversee development, implementation, and testing of Business Continuity and Disaster Recovery programs.
    • Conduct Business Impact Assessments (BIAs), Process Impact…