Senior Director, Cybersecurity Governance, Risk, and Compliance jobs in United States

CFA Institute · 4 months ago

Senior Director, Cybersecurity Governance, Risk, and Compliance

CFA Institute is seeking a strategic, hands-on cybersecurity leader to build and mature our global GRC program. The role involves establishing a cybersecurity governance framework, advising leadership on risk posture, and ensuring compliance with global regulations while managing a high-performing team.

Financial Services
No H1B sponsorship

Responsibilities

Own the cyber GRC framework: Establish and continuously improve the organization’s IT and cybersecurity governance model to drive measurable risk reduction aligned with business objectives
Set policy & standards: Develop, implement, and enforce global IT and cybersecurity policies, standards, and procedures that meet international and regional regulations
Advise leadership: Lead the cybersecurity committee/working group; provide regular, executive-ready updates to senior leadership and the board on risk posture and program performance
Run enterprise risk management for cyber/IT: Build and execute comprehensive risk assessment processes, identify vulnerabilities, prioritize mitigations, and track remediation to closure
Manage third-party risk: Partner with IT, operations, and business units to assess and monitor vendor and partner risks across the lifecycle
Measure what matters: Define KRIs and metrics to monitor risk levels and drive decisions, reporting trends and insights to stakeholders
Lead compliance programs: Ensure and maintain compliance with global regulations (e.g., GDPR, CCPA) and frameworks (e.g., NIST, ISO 27001); lead internal/external audits and close findings
Sustain certifications: Maintain and improve certifications and attestations (e.g., SOC 2, HIPAA, PCI DSS), coordinating with legal and privacy teams
Build capability & culture: Lead and mentor a high-performing team; develop training and awareness to strengthen a security-first mindset across the organization

Qualification

Cybersecurity Governance, Risk Management, Compliance Standards, Risk Assessment, Security Certifications, Third-party Risk Management, Leadership Skills, Project Management, Training Development, Communication Skills

Required

Bachelor's degree in cybersecurity, computer science, information systems, or related field
10+ years in cybersecurity with significant GRC leadership experience
Deep knowledge of global frameworks and regulations (e.g., ISO 27001, NIST CSF, GDPR, CCPA)
Proven track record conducting risk assessments, leading audits, and sustaining compliance certifications (e.g., SOC 2, HIPAA, PCI DSS)
Strong leadership and program/project management skills with the ability to manage multiple priorities in a dynamic, global environment
Excellent communication and stakeholder management skills, including presenting to senior leadership and boards

Preferred

Advanced degree in a relevant field
Security certifications such as CISSP, CISM, and/or CRISC
Experience establishing KRIs/metrics and executive dashboards for ongoing risk monitoring
Demonstrated success leading third-party risk programs and cross-functional, global initiatives
Experience designing and delivering enterprise security awareness and training

Benefits

Eligibility for annual incentives
12% retirement employer contribution
Competitive medical benefits
Comprehensive health coverage for you and your family
Generous leave and time off
Competitive retirement plans
Flexible work options
Wellness, education, and support programs

Company

CFA Institute

Our members and charterholders advance market integrity, trust, and transparency in their professions to build more sustainable, inclusive, and prosperous societies.

Funding

Current Stage
Late Stage

Leadership Team

Margaret Franklin, CFA
President and CEO
Andrew Rome, JD, SHRM-SCP
Chief People Officer
Company data provided by crunchbase