Head of Governance, Risk & Compliance (Director).
United States
$260K
The Head of GRC is responsible for leading and maturing the organization’s Governance, Risk, and Compliance functions, ensuring a unified, lifecycle-driven approach across risk management, compliance, audits, policy/standards development, and security training & awareness. This role partners closely with the Board and senior stakeholders to identify, assess, prioritize, and manage risks across the enterprise while fostering strong communication, collaboration, and accountability.
Key Responsibilities:
GRC Strategy & Leadership
· Define and execute a comprehensive GRC strategy aligned with business objectives and cybersecurity priorities.
· Lead and develop a high-performing GRC team, fostering a culture of ownership, transparency, and continuous improvement.
· Establish and maintain a unified GRC operating model that integrates governance, risk management, compliance, audit, and security awareness activities into a cohesive lifecycle.
Risk Management:
· Design and oversee the enterprise risk management framework, including risk identification, assessment, triage, mitigation, and tracking throughout the risk lifecycle.
· Partner with business and technology stakeholders to identify emerging risks and ensure appropriate risk treatment plans are defined and executed.
· Maintain a centralized risk register and provide clear reporting and insights to leadership.
Compliance & Audits:
· Oversee compliance programs to ensure adherence to applicable regulations, standards, and internal policies.
· Lead internal and external audit engagements, ensuring readiness, coordination, and timely remediation of findings.
· Drive continuous improvement of compliance processes and controls.
Policy & Standards Development:
· Establish and maintain a robust framework for policy, standards, and procedures development and governance.
· Ensure policies and standards are aligned with regulatory requirements, industry best practices, and organizational risk appetite.
· Promote adoption and awareness across the organization.
Security Training & Awareness:
· Develop and lead a comprehensive security awareness and training program for all employees and relevant stakeholders.
· Ensure training content aligns with current threat landscape, regulatory expectations, and organizational policies.
· Measure effectiveness through metrics such as participation rates, phishing simulations, and behavioral improvements.
· Foster a security-first culture by embedding awareness into daily operations and decision-making.
· Partner with HR, IT, and business units to ensure onboarding and ongoing training requirements are met.
Lifecycle Integration & Program Management:
· Ensure all GRC components (risk, compliance, audit, policy, and awareness) are integrated and operate within a consistent lifecycle model.
· Lead major cross-functional programs to enhance GRC capabilities, tools, and processes.
· Implement and optimize GRC tooling to enable efficient tracking, reporting, and collaboration.
Stakeholder Engagement & Communication:
· Act as a key liaison between security, IT, business units, and executive leadership.
· Translate complex risk and compliance topics into clear, actionable insights for diverse audiences.
· Drive strong collaboration across teams to ensure alignment and shared ownership of risk and security responsibilities.
Reporting & Metrics:
· Develop and deliver meaningful metrics, dashboards, and reports on risk posture, compliance status, audit outcomes, and awareness program effectiveness.
· Provide regular updates to the CISO and executive leadership, enabling informed decision-making.
Qualifications & Experience:
· Proven experience leading GRC, risk management, compliance, or security awareness functions in a complex organization.
· Strong understanding of cybersecurity frameworks, regulatory requirements, and audit practices.
· Demonstrated ability to build and scale GRC and security awareness programs and integrate them into business operations.
· Experience leading large, cross-functional initiatives and influencing senior stakeholders.
· Excellent communication, organizational, and leadership skills.
Key Competencies:
· Strategic thinking with strong execution focus
· Collaborative and stakeholder-oriented mindset
· Highly organized with the ability to manage multiple priorities
· Strong analytical and problem-solving capabilities
· Effective communicator with the ability to simplify complexity.
Success in This Role Looks Like:
· A fully integrated GRC lifecycle with clear ownership and accountability
· Improved visibility into enterprise risk and proactive risk management
· Strong alignment between security, compliance, and business objectives
· A measurable, effective security awareness culture across the organization
· Successful delivery of major GRC initiatives with measurable impact.
Interested? Please send your Microsoft Word CV to Jonny Scott-Slater, Vish Atari, Joey Polpero or Ashley Armstrong LLM.
E - uswwrecruitment@aol.com
We will contact you by email and arrange a preliminary discussion.
Discretion, protection and secrecy are assured at all times.
We are currently involved in seeking the above-mentioned category of professional. We are speaking to candidates in the market using direct approach methodologies.