Senior Director, Governance and Risk

$120K — $175K *
US-AnywhereRemote in United States
Education, Government & Non-Profit
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8-10+ years in Governance and Risk leadership roles
  • CRISC certification required; other security certifications preferred
  • Bachelor's degree required; advanced degree preferred
  • Deep knowledge of Security Policy, Awareness, and Vendor Risk Management
  • Ability to communicate technical risks clearly to diverse audiences

Responsibilities

  • Lead the operationalization of governance policies and standards
  • Manage the delivery of the security awareness program
  • Coordinate business continuity and disaster recovery governance
  • Maintain an accurate Information Security Risk Register
  • Oversee execution of third-party risk assessment programs
  • Implement process optimizations and scale governance functions
  • Lead a team focused on Governance and Risk functions

Benefits

  • Remote work flexibility with optional hybrid schedule
  • Cultural commitment to education and career opportunities
  • Opportunities for professional development and continuous improvement
  • Culture fostering collaboration and diverse perspectives
  • Support for innovative technology adoption and automation
Full Job Description

Senior Director Governance and Risk

College Board –Risk Management

Location:This is a remote role. Candidates who live near CB offices have theoptionof being fully remote or hybrid (Tuesday and Wednesday in office). All CB employeesare required tooccasionally travel to meet in person for business purposes.

Role Type:This is a full-time position

About the Opportunity

As the Senior Director, Information Security Governance & Risk, you will operationalize the vision set in collaboration with other Senior Team members and approved by Executive Leadership.The Senior Director will oversee delivery across Security Policy, Security Awareness, Business Continuity, Vendor Risk Management, and the Information Security Risk Register.Your role is to ensure execution of Governance and Risk functions through a team of practitioners.You will work closely with stakeholders from Legal, Procurement, Information Security Office, Privacy, and Business Stakeholders.

In this role, you will:

Manage Governance and Risk (50%)

Security Policy & Governance Operations

  • Ensure policies and standards aremaintained, updated, and operationalized by the organization.

  • Oversee policy communication, awareness, andexceptionprocesses.

  • Drive consistency in governance practices across the organization.

Security Awareness Execution

  • Ensure effective delivery of the organizations security awareness program.

  • Oversee targeted training and campaigns aligned to key risk areas.

  • Monitor engagement andeffectivenessmetrics.

Business Continuity Coordination

  • Ensure coordination of Business Continuity and Disaster Recovery governance activities.

  • Oversee execution of BIAs, plan updates, and testing exercises.

  • Track and drive remediation of identified gaps.

Technology Risk Register

  • Ensure the teammaintainsan accurateand actionable Information Security Risk Register.

  • Oversee consistent risk identification, assessment, and documentation practices.

  • Drive accountability fortimelyriskremediation and escalation.

  • Support development of risk reporting for senior leadership consumption.

Vendor Risk Management (VRM)

  • Ensure consistent, high-quality execution of the third-party risk assessment program.

  • Drive increased assessment throughput and reduced cycle times through team performance and process optimization.

  • Oversee standardized approaches for SOC 2 reviews, control analysis, and risk evaluation.

  • Ensure effective coordination with Procurement and business stakeholders.

  • Experience with or exposure to continuous monitoring capabilities (e.g., external risk signals, ongoing vendor posture tracking) to enhance third-party risk visibility is a plus.

Process Optimization & Automation (20%)

  • Identifyand prioritize opportunities to scale Governance and Risk processes using automation and AI Agents.

  • Ensure successful implementation of tooling and workflow improvements (e.g.,OneTrust, KnowBe4).

  • Drive reduction of manual effort across assessments, evidence review, and reporting.

  • Promote a culture of continuous improvement within the team.

  • Establish and monitor KPIs/KRIs to track team performance and program effectiveness.

  • Identifygaps and ensure implementation of scalable, sustainable improvements.

Team Leadership (20%)

  • Manage and lead a team of four thatisresponsible for Security Policy, Security Awareness, Business Continuity, Vendor Risk Management, and the Information Security Risk Register.

  • Ensure you:

  • Set vision and priorities for the team, track and manage progress to goals, and provide coaching and support to ensure team members meet and exceed goals, remain engaged, and contribute meaningfully to our mission and impact.

Negotiate Security Reviews(10%)

  • Review Data Security language in critical procurement contracts.

  • Review security requirementsinRFPs.

  • Develop risk language for state contracts.

About You

  • 8-10+ years of progressive experience leading Governance and Risk functions.

  • CRISC certificationrequired. All other security certifications (e.g., CISM, CISSP)optionaland preferred.Bachelorsdegreerequired. Preference will be given to advanced degrees.

  • Proven ability tosupportand deep practical knowledge of Security Policy, Security Awareness, Business Continuity, Vendor Risk Management, and Information Security Issue Management.

  • Comfortable with change, a strong people leader and operator who can build structure, drive accountability, and increase program capacity through disciplined execution, process improvement, and the use of automation and AI.

  • Ability to work effectively across technical and non-technical teams, including Legal, Procurement, Information Security, Privacy, engineering, operations, and business stakeholders, building trust and alignment while driving agreement on risk decisions, ownership, and remediation.

  • Exceptional written and verbal communication skills, with the ability to explain complex security risks, audit findings, and control gaps to both technical audiences and senior leadership in a clear, concise manner.

  • Strong planning, prioritization, and execution skills, capable of managing multiple concurrent audit timelines, remediation efforts, and control dependencies in fast-paced, evolving environments.

  • Ability to communicate the value of governance and risk work in clear business terms, helping stakeholders understand how strong risk practices reduce organizational exposure, support resilience, protect trust, and advance College Boards mission.

  • A strategic and inclusive leadership style: you set clear priorities, build effective team structures, plan for future needs, and foster a culture of belonging.

  • A proven ability to drive performance and growth: you sethigh expectations, deliver real-time, evidence-based feedback, and coach team members to take smart risks, stretch their skills, and achieve meaningfulimpact.

All roles at College Board require:

  • A passion for expanding educational and career opportunities and mission-driven work grounded inour.

  • Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively.

  • Clear and concise communication skills, written and verbal

  • A learners mindset and a commitment to growth: welcoming diverse perspectives, giving and receivingtimely, respectful feedback, and continuously improving through iterative learning and user input.

  • A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.

  • A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success

  • The ability to travel 3-4 times a year to College Board offices or on behalf of College Board business.

  • Authorization to work in the United States

About Our Process

  • Application review will beginimmediatelyand will continue until the position is filled.This role is expected to accept applications for a minimum of 5 business days.

  • Whilethe

Similar Jobs

More Jobs at

More Education, Government & Non-Profit Jobs

Find similar Senior Director, Governance and Risk jobs: