Director IT Compliance

The Director of IT Compliance is responsible for both the strategic development and operational execution of the organization's IT/Cyber Compliance Management Program. The Director of IT/Cyber Compliance Management is responsible for overseeing the IT compliance strategy and ensuring that the organization's IT infrastructure, policies, and practices comply with regulatory requirements, industry standards, and internal policies. This role involves managing compliance programs, ensuring audit readiness, and implementing best practices across the IT function. The Director of IT/Cyber Compliance works closely with internal audit, legal, and internal security teams and IT to align IT activities with the organization's compliance goals.

RESPONSIBILITIES:

Compliance Program Leadership:

• Develop, implement, and manage the organization's IT/Cyber compliance program to ensure alignment with applicable laws, regulations, and industry standards (e.g., GDPR, ISO, PCI-DSS, SWIFT, SOX, ISO 27001, TISAX, NIST CSF, CMMC, NIS2, COBIT).

• Establish a governance structure to manage IT compliance across IT departments and ensure that policies and procedures are effectively communicated and enforced.

• Ensure IT compliance requirements are embedded into business and IT processes

Regulatory and Legal Compliance:

• Stay current with changes in regulations and industry standards related to IT, cybersecurity, and data privacy (e.g., TISAX, GDPR, SOX, PCI-DSS, etc.).

o Ensure the organization's IT systems and processes meet regulatory requirements, including implementing new regulations as they arise.

o Lead the preparation for and management of external and internal IT audits to ensure compliance with relevant standards and certifications.

Policy Development and Enforcement:

• Work with IT/Cyber policy management teams to develop, review, and update IT policies and procedures to ensure compliance with regulatory and legal requirements.

• Enforce IT compliance policies and standards across the organization, ensuring that all employees adhere to established requirements.

Audit and Monitoring:

• Partner with internal IT audits, working closely with internal and external auditors to ensure readiness for audits related to regulatory compliance (e.g., SOX, TISAX, PCI, ISO, NIST CSF, CMMC, etc.).

• Ensure ongoing monitoring and auditing of IT controls, systems, and processes to verify compliance with policies and regulations.

• Respond to Client Cybersecurity Inquiries

• Develop and track compliance metrics, prepare reports and dashboards for senior leadership.

• Drive continuous improvement by identifying compliance gaps and implementing corrective actions.

Continuous Improvement:

• Stay current with industry trends and regulatory changes, emerging technologies, and best practices in IT/Cyber compliance.

• Identify opportunities for process improvements and implement changes to enhance the effectiveness of IT/Cyber compliance program.

SKILLS:

• Bachelor's degree or higher (completed and verified prior to start)

• Ten (10) years of experience in Cybersecurity in a private, public, government or military environment

• Five (5) years of management and/or supervisor experience

• CISSP certification or one of the following certifications such as CISA, CISM, CGEIT, ISO 27001 Lead Auditor/Lead Implementer, PCI DSS QSA

• Multiple certifications from the list above are preferred

Additional qualifications that could help you succeed even further in this role include:

• Master's degree in computer engineering, computer systems or information technology field from an accredited institution

• Minimum of 8-10 years of experience in cybersecurity/risk management, with at least 5 years in a leadership role focused on IT/Cyber Compliance Management.

• Strong knowledge of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, COBIT, TISAX, PCI, NIS2, SOX).

• Other technology certifications e.g., ITIL, COBIT.

• Excellent communication, negotiation, and relationship-building skills.

• Strong analytical and problem-solving skills

• Ability to work collaboratively with internal teams and external vendors.