Job ID | MEP-2372 |
Qualification | Master of Science (MS/M.Sc), Information Assurance |
Location | Dubai, Abu Dhabi, UAE |
Salary | 12000-15000 |
Industry | Information Technology and Services |
The Senior / Lead of GRC is a key executive leader responsible for ensuring the organization’s governance, risk management, and compliance frameworks are well-defined, implemented, and aligned with business objectives. This role ensures that DIGITAL governance, regulatory compliance, risk management, and cybersecurity frameworks effectively support business operations.
This role involves overseeing DIGITAL risk management, regulatory compliance, internal controls, and policy development, ensuring alignment between DIGITAL, security, legal, and business leaders. The Senior / Lead of GRC also plays a key role in defining audit strategies, improving governance models, and ensuring continuous risk monitoring.
Key Responsibilities
1. Governance & DIGITAL Compliance Leadership
• Partners with executive leadership to define and execute the GRC vision and strategy.
• Establishes strategic governance principles, ensuring DIGITAL and business practices align with compliance requirements.
• Oversees the development of DIGITAL risk management frameworks, methodologies, and policies to enhance compliance.
• Ensures regulatory and legal compliance across DIGITAL systems, policies, and practices.
• Implements and enforces GRC frameworks to standardize risk and compliance measures across the organization.
2. Risk Management & Cybersecurity Oversight
• Develops risk assessment methodologies to identify and mitigate DIGITAL security, data privacy, and operational risks.
• Oversees cybersecurity compliance programs, ensuring policies align with industry standards (ISO 27001, NIST, GDPR, etc.).
• Establishes a risk mitigation strategy to prevent financial, operational, and reputational damage.
• Regularly reviews DIGITAL risk exposure, ensuring alignment with business risk tolerance levels.
• Works with cybersecurity teams to monitor security threats, incidents, and response frameworks.
3. Compliance & Audit Management
• Leads compliance audits and assessments, ensuring adherence to local and international regulations.
• Engages with external auditors, regulators, and compliance authorities, ensuring transparency in reporting.
• Establishes performance metrics to measure compliance effectiveness and drive continuous improvements.
• Develops and enforces business continuity and disaster recovery frameworks to reduce operational risks.
• Provides guidance on ethical business conduct, data protection laws, and financial reporting regulations.
4. Enterprise-Wide Influence & Collaboration
• Acts as a trusted advisor to the board, CIO, CISO, and business unit leaders on risk management strategies.
• Leads cross-functional collaboration between DIGITAL, legal, security, and operations teams.
• Ensures vendor compliance and third-party risk management programs are in place.
• Works closely with regulatory bodies and industry groups to stay updated on new compliance requirements.
5. Policy Development & Training
• Establishes GRC policies, controls, and best practices to guide corporate governance.
• Conducts GRC training programs for DIGITAL and business units, ensuring awareness of security policies.
• Ensures a culture of compliance and ethical business practices across all departments.
• Develops incident response protocols and crisis management procedures to handle security breaches.
Primary Contacts
• CIO, CISO, and DIGITAL leadership teams
• Executive leadership team (Legal, Finance, HR, Risk, and Compliance officers)
• Regulatory bodies, auditors, and industry compliance authorities
• Security teams, DIGITAL governance managers, and third-party vendors
Qualifications & Experience
• Education: Bachelor’s or Master’s degree in Business Administration, Cybersecurity, Law, or a related field.
• Experience:
  • 15+ years of experience in GRC, risk management, DIGITAL compliance, or cybersecurity governance.
  • 5-7 years of leadership experience, managing risk, compliance, or DIGITAL governance teams.
  • Experience working with financial, legal, and security risk frameworks.
• Skills:
  • Strong knowledge of regulatory frameworks (GDPR, ISO 27001, NIST, SOX, etc.).
  • Expertise in risk management, compliance audits, financial risk assessments, and digital governance.
  • Ability to influence and communicate compliance strategies to executive stakeholders.
  • Strong analytical, investigative, and reporting skills for compliance monitoring.