Director, Governance, Risk, & Compliance

Bertelsmann

$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of experience in cybersecurity, risk management, or compliance.
  • 5+ years in a leadership role within GRC or a related function.
  • Bachelor's degree in Cybersecurity, Information Security, IT, Business, or related field.
  • Proven track record in building and managing GRC programs at mid to large organizations.
  • Experience in managing third-party risk and conducting vendor assessments.
  • Skilled in developing enterprise risk frameworks and policies.
  • Strong collaboration with executive leadership on risk initiatives.

Responsibilities

  • Lead strategy and maturity roadmap for GRC programs.
  • Develop and enforce information security policies aligned with regulations.
  • Oversee enterprise risk management for cybersecurity.
  • Coordinate audit readiness, including evidence collection and remediation tracking.
  • Manage compliance with frameworks like NIST CSF and ISO 27001.
  • Establish governance forums and reporting structures for risk decision-making.
  • Drive continuous improvement of governance practices based on audit insights.

Benefits

  • Opportunity for professional development and collaboration in office.
  • Work from Morrisville, NC office approximately 30 days per quarter.
  • Build and lead a high-performing GRC team in a pivotal cyber leadership role.
  • Access to technology platforms supporting GRC functions, enhancing workflow efficiency.
  • Engagement with executive leadership and cross-functional teams for impactful initiatives.
Full Job Description
Job Description

The Director of (Cyber) Governance, Risk & Compliance (GRC) is a cyber leadership role responsible for establishing, operationalizing, and continuously maturing the organization's cybersecurity governance, risk management, and compliance programs in alignment with enterprise strategy and regulatory obligations. This role provides strategic oversight of policy development, risk assessment and treatment, internal controls, third-party risk management, audit readiness, and regulatory engagement. The Director partners closely with security architecture, security operations, legal, privacy, internal audit, product, and business stakeholders to ensure cybersecurity practices are aligned with enterprise risk tolerance and customer expectations. The role is accountable for defining governance structures, driving risk-informed decision-making, ensuring compliance with applicable frameworks and regulations, and building a scalable GRC function that enhances transparency, accountability, and trust across the organization.

WHAT YOU'LL BE DOING:
• Lead the strategy, operating model, and maturity roadmap for governance, risk, and compliance programs.
• Develop, maintain, and enforce information security policies, standards, procedures, and guidelines aligned with regulatory and business requirements.
• Oversee enterprise risk management for cybersecurity, including risk identification, assessment, prioritization, treatment tracking, and reporting.• Maintain a centralized risk register and ensure appropriate risk acceptance, mitigation, or transfer decisions are documented and approved.
• Lead internal and external audit readiness activities, including coordination of evidence collection, control validation, and remediation tracking.
• Manage compliance with applicable frameworks and standards such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, and other regulatory obligations as applicable.
• Oversee third-party risk management processes, including vendor assessments, due diligence, risk rating, and monitoring of remediation activities.
• Establish governance forums, reporting structures, and escalation pathways to support risk-informed decision-making and accountability.
• Develop and deliver risk reporting, dashboards, and executive communications that articulate control effectiveness, compliance posture, and residual risk.
• Partner with legal, privacy, human resources, and business stakeholders to ensure alignment on regulatory obligations and data protection requirements.
• Drive continuous improvement of controls, processes, and governance practices based on audit findings, risk trends, and evolving threats.
• Support customer-facing security and compliance inquiries, including RFPs, due diligence questionnaires, and assurance reporting.
• Manage technology platforms supporting GRC functions (e.g., risk management systems, policy tools, audit tracking solutions).
• Lead, coach, and develop GRC professionals while fostering a culture of accountability, transparency, and continuous improvement.

Qualifications

YOU'VE GOT WHAT IT TAKES IF YOU HAVE/ARE:
• 10+ years of progressive experience in cybersecurity, risk management, compliance, or related fields.
• 5+ years of leadership experience in a GRC or related cybersecurity function.
• Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business, or a related field; or equivalent professional experience.• Demonstrated experience building or managing governance, risk, and compliance programs in a mid-sized or large organization.
• Experience supporting audits, regulatory inspections, and compliance assessments.
• Experience managing third-party risk and vendor assessment processes.
• Experience developing policies, standards, and enterprise risk frameworks.
• Experience partnering with executive leadership and cross-functional stakeholders on risk and compliance initiatives.

EXPERIENCE/EDUCATION PREFERRED:
• Master's degree in Cybersecurity, Risk Management, Information Assurance, Business Administration, or related discipline.
• Professional certifications such as CISSP, CISM, CRISC, or CISA.
• Experience in SaaS, cloud-native, or highly regulated industries.• Experience aligning security and compliance programs to FedRAMP, SOC 2, ISO 27001, or similar frameworks.
• Experience supporting customer trust programs and external assurance reporting.
• Experience implementing or optimizing GRC tooling and automation.

Additional Information

IN OFFICE REQUIREMENT:

Relias values collaboration and wants to ensure that our team members have opportuniites to work with their managers regularly for professional development opportunities. This role requires that you live in the state of North Carolina, within a commutable distance to our office. You would be expected to work in our Morrisville, NC Headquarters approximately 30 days/quarter.

Similar Jobs

More Jobs at Bertelsmann

More Information Technology Jobs

Find similar Director, Governance, Risk, & Compliance jobs: