Director, Risk Management & Compliance

Remote - New York, United States

College Board – Risk Management Division 

Location: This is a fully remote, full-time position.

 

About the Team  

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board collaborates closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by supporting customer-facing initiatives such as third-party issued audits & certifications (ISO 27001, PCI-DSS and SOC2), providing security questionnaires to existing and potential customers, assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, providing disaster response and recovery oversight, testing system strength using industry-recognized frameworks, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative phishing campaigns.   

  

About the Opportunity   

  • Lead security questionnaire responses, which help address inquiries from external parties such as existing and potential customers, and cyber insurers.

  • Lead and enhance ISGRC’s risk assessment, controls metrics and continuous controls monitoring capabilities. 

  • Lead GRC system implementation UAT schedules, conduct regular quality assurance check-ins, ensure UAT issues are resolved promptly, facilitate UAT and document results and resolutions.  

  • Act as the single point of contact with the GRC vendor team and lead the management of vendor deliverables, timelines, and contract renewal activities.

  • Lead GRC system post-implementation support and training with the team and all internal stakeholders to ensure there is a clear process and understanding of the process for post go-live issues and support. 

  • Support College Board sales initiatives by acting as the single point of contact for responding to existing and potential customer inquiries related to security and compliance aspects of our products and services.

  • Uplift and enhance the current customer experience by collaborating with internal cross-functional stakeholders in Program, Legal, Privacy, Technology & Security teams to expedite customer inquiry SLAs.

  • Partner with Legal and Security to lead a program to build an inventory of all security commitments made in customer contracts and perform a gap analysis with the existing control inventory. Lead and facilitate gap remediations across cross-functional teams. 

  • Participate in the new Data Security Working Group & perform all tasks assigned to ISGRC. 

  • Assist in assessing, designing, and implementing a centralized common control inventory and new risk taxonomy, as necessary.

  • Perform Technical Project Manager responsibilities for a new GRC system implementation by managing internal stakeholder engagement and collaboration. Develop a detailed project …
