Executive Director, Information Security Governance, Risk & Compliance
TheCollegeBoard

*This role is posted as a continuous recruitment effort, previous applicants to the role should not re-apply. *

About the College Board

College Board is a mission-driven not-for-profit organization that connects students to college success and opportunity. Founded in 1899, the College Board was created to expand access to higher education. Each year, the College Board helps more than seven million students prepare for a successful transition to college through programs and services in college readiness and college success - including the SAT and the Advanced Placement Program. The organization also serves the education community through research and advocacy on behalf of students, educators, and schools.

About the Team

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board's information systems and processes. This dedicated team of ten individuals facilitates information security governance and compliance by assessing College Board's vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2), implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative phishing campaigns.

About the Opportunity

As the Executive Director, Information Security, Governance, Risk and Compliance (ISGRC), you directly reduce risk and ensure compliance with secure practices. You are a strong and proven leader with a comprehensive understanding of security-focused governance, risk, and compliance functions, who will set the vision, mission, and strategy for the ISGRC team ensuring that College Board meets or exceeds the relevant information security compliance standards. You are an effective manager who will drive the team's development, engagement, and success through the design, communication, and achievement of strategic goals.

In this role, you will engage in:

Team Management (35%)

• Effectively manage, guide, and support ten team members, including two direct reports, to ensure they are engaged and working effectively with their respective teams towards accomplishing ISGRC and organizational goals
  

Strategy & Communication (35%)

• Develop a deep understanding of College Board business priorities
  
• Develop and maintain strong partnerships with leaders in IT and the various business units including by providing strong contributions that deliver business value
  
• Craft a compelling vision and strategic plan grounded in security-focused governance risk and compliance functions to directly reduce risk to the organization and ensure compliance of industry-recognized certifications (ISO 27001, PCI-DSS and SOC2) at all levels of the organization
  

• Drive internal efficiency and productivity and enhance ISGRC services through standardization, simplification, process re-engineering, and cross-team alignment
  

Design & Implementation (30%)

• Assess and enhance ISGRC's risk assessment and reporting, audit, compliance, policy, and security awareness activities to ensure compliance
  
• Assess and enhance the assessment experience both organization-wide and for external vendors to reduce risk, add actual and perceived value, and increase efficiency
  

• Manage technology-based systems that enhance information security assessments, facilitate efficient and meaningful analyses of data to evaluate compliance, and engage in requisite mitigation or remediation of risks to the organization
  
• Identify metrics and design reports to be used across the organization to better understand information security risk and compliance
  

About You

You have:

• Expertise in risk management techniques, information security, and privacy frameworks
  
• 10+ years of experience in security and/or general IT operational settings
  
• 7-10 years of experience in security audit, compliance, and third-party risk management
  
• Exceptional knowledge of InfoSec governance practices including risk, audit, policy and standard development, metrics development, and education and training
  

• Experience with audits such as SOX, SOC2 or similar types of audits and third-party risk
  
• Understanding of risk and risk management
  
• Proven ability to set vision and direction, then manage others to meet aligned goals and metrics
  
• Adept problem-solving skills, including use and analysis of data to inform decisions and actions
  
• Excellent verbal and written communication skills, including the ability to negotiate, inspire, persuade, and facilitate meetings and presentations both remotely and in-person to your team and to groups of 15 or more
  

• Proven ability to collaborate, build relationships, and influence others to action
  
• Ability to travel to our Reston or New York office 3-4 times per quarter
  
• Experience managing relationships with third-party resources and vendors
  
• Outstanding knowledge of emerging trends and best practice in the field of security-focused governance risk and compliance
  
• Bachelor's degree required, and one or more current Information Security and/or Privacy certifications preferred
  

About Our Culture

Our community matters, and we strive to practice and improve our culture daily. Here are some headlines:

• We are motivated to positively impact the educational and career trajectories of millions of students a year
  
• We prioritize building a diverse and inclusive team where every employee can thrive, and every voice is heard
  
• We welcome staff to join any or all six of our affinity groups: ARISE (Alliance for Asian Retention, Inclusion, Success, and Engagement); DIASPORA (Alliance for Pan-African Success and Achievement); Pride (alliance for LGBTQ+ staff and allies); Resilience (alliance for Native staff and advocates); SALSA (Staff Alliance for Latinx Success and Achievement); and WIN (Women's Impact Network)
  
• We value learning and growth; we offer formal and informal ways to lead through your superpowers, sharpen your strengths, and meet your development goals
  
• We know that our impact is strongest together. Our College Board Cares program offers all staff up to $1,000 annual match of charitable contributions to partner non-profit organizations
  

• We offer a transparent approach to promotions and merit raises, annual performance-based bonuses, and how to grow your career here over time
  
• Our high-performing team works with the latest technologies, so you will constantly learn and sharpen your skills
  

#LI-REMOTE

#LI-GG1

This job has expired.