Director, Cybersecurity Governance, Risk and Compliance

OverviewDirector, Cybersecurity Governance, Risk and Compliance. The Cybersecurity Governance, Risk, and Compliance (GRC) Director is a leadership position responsible for overseeing the university's cybersecurity governance, risk management, and compliance programs and staff. Reporting to the Chief Information Security Officer (CISO), the GRC Director ensures information security practices align with regulatory requirements, industry standards, and best practices. This role involves developing and implementing policies, conducting risk assessments, managing compliance initiatives, and fostering a culture of security awareness across the university.ResponsibilitiesDevelop and maintain the university/'s cybersecurity governance framework, including policies, procedures, and standards.Conduct regular risk assessments and audits to identify and mitigate security risks.Ensure compliance with federal, state, and local regulations, as well as industry standards (e.g., NIST, PCI, GDPR, HIPAA, FERPA).Oversee the implementation of IT operations, applications, infrastructure, and data risk management strategies and controls.Collaborate with internal and external stakeholders, including the University Enterprise Risk Manager, to address compliance and risk management issues.Develop and deliver training programs to promote security awareness and compliance.Monitor and report on the university/'s cybersecurity risk posture and compliance status to senior leadership.Lead the response to regulatory inquiries and audits.Stay current with emerging cybersecurity threats, regulations, and best practices.Maintain regular, reliable, and non-disruptive attendance and foster collegial working relationships.QualificationsMinimum QualificationsBachelor/'s degree in Computer Science, Information Technology, Cybersecurity, or a related fieldAt least five (5) years of experience in cybersecurity governance, risk management, and compliance, with a minimum of three (3) years in a leadership and management roleProfessional certifications such as CISSP, CISM, CRISC, CGRC, or CISAStrong knowledge of information security frameworks, standards, and best practices as evidenced by application materialsExperience with risk assessment methodologies and compliance managementPreferred QualificationsMaster/'s degree in a related fieldExperience working in a higher education environmentAdditional certifications such as CGEIT, CIPT, or CIPMExperience with cloud security and privacyKnowledge of data protection regulations such as GDPR, HIPAA, and FERPAProven track record of successfully managing compliance initiatives and risk management programsKnowledge, Skills, and AbilitiesIn-depth understanding of cybersecurity governance, risk management, and compliance principlesExcellent communication and interpersonal skillsStrong analytical and problem-solving skillsAbility to lead and motivate a team of security professionalsExcellent project management skills, with the ability to manage multiple projects simultaneouslyStrong understanding of privacy laws and regulationsAbility to communicate complex security concepts to non-technical stakeholdersHigh level of integrity and ethical conductSalary and BenefitsSalary Information: $114,205 - $148,466; Commensurate with education and experience Benefits: University contributions to health, dental, life and disability insurance, tuition waivers for employees and families, 12 official holidays, immediate leave accrual, and retirement programs with university contributions 5–10% of salaryApplication InformationRequired Documents To Apply: Cover Letter/Letter of Application, List of three Professional References (name, email, business title), ResumeOptional Documents: Proof of Veteran StatusRecruitment Contact: Crystal Ellis, Strategic Talent Acquisition Specialist, application materials must be uploaded to the University of Arkansas System Career SiteDisability accommodations information and general application assistance are available. Applicants should submit a request per position. The University of Arkansas is an equal opportunity employer. Background checks may be required as part of pre-employment screening. For more information, review the Special Instructions to Applicants and the University/'s Title IX and equal opportunity statements.DetailsSeniority level: DirectorEmployment type: Full-timeJob function: Information TechnologyIndustries: Higher Education #J-18808-Ljbffr

Created: 2025-10-08