
Director, Risk Management & Compliance

Perks: extra holidays, extra parental leave
Remote: Full Remote
Contract: 
Salary: 27 - 27K yearly
Experience: Senior (5-10 years)
Work from: 

Offer summary

Qualifications:

Bachelor's degree in information technology or related field, 7-10 years of experience in information security, One or more current InfoSec or Privacy certifications preferred, Strong technical project and time management skills.

Key responsibilities:

  • Lead and enhance risk assessment and continuous controls monitoring
  • Oversee customer inquiries related to security and compliance
The College Board (Education, Large) https://www.collegeboard.org/
1001 - 5000 Employees

Job description

Director, Risk Management & Compliance 

College Board – Risk Management Division 

Location: This is a fully remote, full-time position.

 

About the Team 

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board collaborates closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by supporting customer-facing initiatives such as third-party issued audits & certifications (ISO 27001, PCI-DSS and SOC2), providing security questionnaires to existing and potential customers, assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, providing disaster response and recovery oversight, testing system strength using industry-recognized frameworks, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative phishing campaigns.   

 

About the Opportunity  

  • Lead security questionnaire responses, which address inquiries from external parties such as existing and potential customers and cyber insurers.

  • Lead and enhance ISGRC’s risk assessment, controls metrics and continuous controls monitoring capabilities. 

  • Lead GRC system implementation UAT schedules, conduct regular quality assurance check-ins, ensure UAT issues are resolved promptly, facilitate UAT and document results and resolutions.  

  • Act as the single point of contact with the GRC vendor team and lead the management of vendor deliverables, timelines, and contract renewal activities.

  • Lead GRC system post-implementation support and training with the team and all internal stakeholders, ensuring there is a clear, well-understood process for post go-live issues and support.

  • Support College Board sales initiatives by acting as the single point of contact for responding to existing and potential customer inquiries related to the security and compliance aspects of our products and services.

  • Uplift and enhance the current customer experience by collaborating with internal cross-functional stakeholders in Program, Legal, Privacy, Technology & Security teams to shorten customer inquiry SLAs.

  • Partner with Legal and Security to lead a program to build an inventory of all security commitments made in customer contracts and perform a gap analysis with the existing control inventory. Lead and facilitate gap remediations across cross-functional teams. 

  • Participate in the new Data Security Working Group & perform all tasks assigned to ISGRC. 

  • Assist in assessing, designing, and implementing centralized common control inventory and new risk taxonomy, as necessary. 

  • Perform Technical Project Manager responsibilities for a new GRC system implementation by managing internal stakeholder engagement and collaboration. Develop a detailed project plan outlining tasks, responsibilities, owners, timelines, and milestones. 

  • Prepare and provide regular project status reports to team and division leadership. 

  • Design and build the ISGRC data schema and data export and import tasks for all functions, in collaboration with the team.

  • Document ISGRC functional requirements for strategic initiatives and ensure they are reviewed and approved by the respective ISGRC function leaders. 

  • Other duties as assigned. 

In this role, you will:  

Lead Technical Project Management (50%) 

  • Develop detailed project plans, including timelines, milestones, and resource allocation. 

  • Lead stakeholder management by collaborating with cross-functional teams throughout the organization. 

  • Identify potential project risks and develop mitigation strategies. 

  • Maintain project documentation including progress reports and status updates to management. 

  • Apply project and change management principles to drive continuous improvement. 

  • Participate in the new Data Security Working Group & perform all tasks assigned to ISGRC. 

 

Lead customer-facing team in responding to customer information security compliance requests (40%)  

  • Oversee the intake, prioritization, and timely resolution of customer requests and inquiries which come to the team from internal business teams. 

  • Facilitate communications between cross-functional teams to ensure business needs are met effectively. 

  • Continuously evaluate and improve support workflows to enhance efficiency and effectiveness. 

  • Lead recurring customer support requests related to information security compliance. 

 

Complete Special Projects (10%) 

  • Lead technical requirements and testing with stakeholder teams for continuous controls monitoring development.

  • Manage ad-hoc projects and initiatives. 

About You 

You have: 

  • Bachelor's degree in Information Technology, Management Information Systems, or an equivalent program (required), with one or more current Information Security and/or Privacy certifications preferred (e.g., CISA, CISSP, CCSP or CCAK).

  • 7-10 years of experience in information security and/or information technology projects. 

  • Prior experience implementing one or more vendor GRC products. 

  • A commitment to excellence, an insatiable appetite for continuous improvement, and a constant need to learn and practice. 

  • Demonstrated high emotional intelligence (EQ) to collaborate effectively with diverse teams in a fully remote setting.

  • Strong technical project and time management skills are a must for this role. 

  • Experience managing relationships with third-party vendors, auditors and internal cross-functional teams. 

  • Strong organization and prioritization skills and the ability to manage multiple tasks simultaneously, both independently and as a member of the team, including an understanding of agile methodologies.

  • Exceptional knowledge of InfoSec governance practices including risk, audit, policy and standard development, metrics development, and education and training. 

  • Excellent analytical, verbal, and written communication skills, including the ability to facilitate meetings and presentations both remotely and in-person. 

  • Adept critical thinking skills, including use and analysis of data to inform decisions and actions. 

  • Experience in performing control design and operating effectiveness testing for controls applicable to SOC2, ISO27001, PCI DSS frameworks and industry standards. 

  • Experience leading and managing audits such as SOX, SOC1, SOC2, PCI, ISO27001, CSA CCM or similar types of audits and third-party risk management. 

  • Knowledge about risks and controls in Cloud environments such as AWS and Azure is strongly preferred. 

  • Excellent PowerPoint, Word, Excel, and MS Project skills. 

  • Proven ability to build relationships and influence others to action. 

  • Ability to travel to our Reston or New York office 3-4 times per year.

  • Authorization to work for any employer in the United States.

About Our Process   

  • Application review will begin immediately and will continue until the position is filled. 

  • While the hiring process may vary, it generally includes resume and application submission, a recruiter phone/video screen, a hiring manager interview, a performance exercise such as live coding, a panel interview, a conversation with leadership, and reference checks.


About Our Benefits and Compensation 

College Board offers a competitive benefits and compensation program that attracts top talent looking to make a difference in education. As a self-sustaining non-profit, we believe in compensating employees equitably in relation to each other, their qualifications, their impact, and the relevant market.  

The hiring range for a new employee in this position is $84,000 to $140,000. College Board differentiates salaries by location, so where you live will narrow the portion of this range in which you can expect a salary.

Your salary will be carefully determined based on your location, relevant experience, the external labor market, and the pay of College Board employees in similar roles. College Board strives to provide our best offer up front based on these criteria.

Your salary is only one part of all that College Board offers, including but not limited to:    

  • A comprehensive package designed to support the well-being of employees and their families and to promote education. Our robust benefits package includes health, dental, and vision insurance, generous paid time off, paid parental leave, fertility benefits, pet insurance, tuition assistance, retirement benefits, and more.

  • Recognition of exceptional performance through annual bonuses, salary growth over time through market increases, and opportunities for merit raises and promotions based on increased scope of responsibility. 

  • A job that matters, a team that cares, and a place to learn, innovate and thrive. 

You can expect to have transparent conversations about benefits and compensation with our recruiters throughout your application process. 


Required profile

Level of experience: Senior (5-10 years)
Industry: Education
Spoken language(s): English