Full-Time Associate Director, IT Risk & Compliance

The Associate Director, IT Risk & Compliance is responsible for leading and managing the company's information security and technology risk management program. This role will play a critical part in identifying, assessing, and mitigating risks across the organization's IT infrastructure, applications, and data. The successful candidate will possess a strong understanding of industry best practices, regulatory requirements (e.g., SOX, HIPAA, GDPR), and emerging threats.

• Manage and mentor a team of risk analysts and security professionals.
• Develop and maintain a comprehensive Enterprise IS/IT Risk Management framework.
• Conduct regular risk assessments across the organization, including business impact analyses (BIA) and threat and vulnerability assessments (TVAs).
• Oversee the implementation of risk mitigation controls and monitor their effectiveness.
• Develop and maintain key risk indicators and key performance indicators (KPIs) to track and measure risk levels.
• Advise senior management on risk-related decisions and provide recommendations for improving the company's overall security posture.
• Stay abreast of emerging threats and vulnerabilities and advise on appropriate countermeasures.
• Collaborate with internal and external stakeholders, including IT, legal, compliance, and business units.
• Ensure compliance with relevant industry regulations and standards.
• Participate in incident response activities and post-mortem analysis.
• Develop and deliver presentations and reports to senior management and the Board of Directors.
• Develop and maintain IT policies, procedures, and standards.
• Conduct internal and external audits to assess compliance.
• Manage relationships with external auditors and regulatory bodies.
• Stay abreast of changes in regulatory requirements and industry best practices.

• Bachelor's degree in Computer Science, Information Systems, or a related field.
• 8+ years of experience in information security and risk management roles, with at least 5 years in a leadership position.
• Proven experience in developing and implementing enterprise-wide risk management frameworks.
• Strong understanding of industry best practices, regulatory requirements (e.g., SOX, HIPAA, GDPR), and emerging threats.
• Experience with risk assessment methodologies, including threat modeling, vulnerability scanning, and penetration testing.
• Excellent analytical and problem-solving skills.
• Strong leadership and mentoring skills.

What is the last date for applying to the job?

Which countries are accepted for this remote job?