Q4

Director, IT and Governance, Risk & Compliance

Q4$130K — $180K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years in IT operations, information security, technology risk, or GRC management experience.
  • Strong understanding of security frameworks (SOC 2, ISO 27001, NIST CSF, CIS) and privacy regulations (GDPR, CCPA, PIPEDA).
  • Hands-on experience with IT and security tools (IdP/IAM, MDM/EDR, logging/monitoring, GRC platforms).
  • Ability to manage multiple IT and security projects with clear ownership of timelines and budgets.
  • Proven communication skills for complex risk topics tailored for business audiences.

Responsibilities

  • Translate technology and GRC strategies into actionable roadmaps with clear priorities and milestones.
  • Act as a security and risk subject matter expert to advise teams and customers on best practices and emerging threats.
  • Manage the IT, security, and GRC initiative portfolio, ensuring cross-functional coordination.
  • Lead IT operations to guarantee reliable and secure infrastructure and user capabilities.
  • Oversee incident management and improve service level agreements and employee experience.
  • Coordinate day-to-day security operations, including incident response and threat monitoring.
  • Develop and maintain governance processes, ensuring compliance with relevant regulations and security assessments.

Benefits

  • Develop a high-performing team with clear goals and feedback mechanisms.
  • Foster a culture of continuous improvement and strong collaboration across functions.
  • Engage in training and communications to promote security and privacy best practices.
Full Job Description
About the role

The Director, IT and Governance, Risk & Compliance (GRC) leads Q4's IT operations, security operations, and technology governance programs to ensure a reliable, secure, and compliant internal environment for a high-growth SaaS business. The role translates strategy into execution by running the programs, teams, and processes that keep Q4's corporate environment available, secure, and audit-ready, and acts as a senior security and risk subject-matter expert for internal and customer-facing stakeholders.

What you'll do

Strategy & Stakeholder Partnership

  • Translate enterprise technology, security, and GRC strategy into a clear roadmap with priorities, milestones, and success metrics.
  • Act as a senior security and risk SME, advising internal teams and customers on best practices, emerging threats, and pragmatic risk-based decisions.
  • Run the portfolio of IT, security, and GRC initiatives as a formal program, coordinating cross-functional delivery, timelines, and status reporting.

IT Operations & Service Delivery

  • Lead IT operations to ensure infrastructure, end-user computing, and collaboration platforms are reliable, secure, and cost-effective.
  • Oversee incident, request, and change management; drive improvements in SLAs, MTTR, and employee experience.
  • Own standards for asset management and access lifecycle for employees and independent contractors.

Security Operations & Risk Management

  • Manage day-to-day security operations: threat monitoring, alert triage, and coordination of incident response with Security and Engineering.
  • Maintain and test security incident response playbooks; coordinate periodic security testing and ensure remediation of findings.
  • Operate and improve vulnerability management; support DR/BCP planning; help manage security budgets and key security vendors.

Governance, Risk & Compliance (GRC)

  • Lead technology GRC processes (policies, controls, risk registers, exceptions) and coordinate SOC 2 and customer security assessments.
  • Operationalize GDPR, CCPA, PIPEDA and other requirements into controls in partnership with Legal/Privacy, maintaining RoPA, DPIAs, and vendor/sub-processor assessments.
  • Define and track KPIs/KRIs (e.g., incident SLAs, vuln closure rates, audit findings) and provide clear dashboards and reports to leadership.

Business Systems & Enterprise Enablement

  • Partner with Business Systems, Product, and Data teams to ensure enterprise platforms and integrations meet security and governance expectations.
  • Contribute to architecture standards, access models, and data protection patterns across core systems.
  • Identify automation and tooling opportunities to reduce manual work and improve control coverage and data quality.

People Leadership & Collaboration

  • Lead and develop a high-performing IT and GRC team with clear goals and feedback.
  • Foster a culture of accountability, continuous improvement, and strong cross-functional partnership.
  • Champion security, privacy, and technology best practices through training, communication, and engagement.

Qualifications

  • 7+ years in IT operations, information security, technology risk, or GRC, including people management.
  • Strong knowledge of security and control frameworks (e.g., SOC 2, ISO 27001, NIST CSF, CIS) and privacy regulations (e.g., GDPR, CCPA, PIPEDA).
  • Hands-on experience with IT and security tooling (IdP/IAM, MDM/EDR, logging/monitoring, GRC platforms).
  • Proven ability to manage multiple security/IT/GRC projects or programs with ownership of timelines, budgets, and stakeholder communication.
  • Track record supporting external audits and customer security assessments and communicating complex risk/technical topics in clear business language.

About Q4

Q4 is a financial technology company that provides cloud-based investor relations and capital market solutions. The company's platform enables public companies to manage their investor relations activities, including earnings calls, investor targeting, and shareholder analytics. Q4's products include the Q4 Desktop, a web-based investor relations platform, and the Q4 Intelligence, a market intelligence platform. The company serves customers in various industries, including financial services, healthcare, and technology.
Learn more about Q4
Size
1,000 employees
Industry
Founded
2006

Similar Jobs

More Jobs at Q4

More Information Technology Jobs

Find similar Director, IT and Governance, Risk & Compliance jobs: