About the College Board
College Board is a mission-driven not-for-profit organization that connects students to college success and opportunity. Founded in 1899, the College Board was created to expand access to higher education. Each year, the College Board helps more than seven million students prepare for a successful transition to college through programs and services in college readiness and college success – including the SAT and the Advanced Placement Program. The organization also serves the education community through research and advocacy on behalf of students, educators, and schools.
About the Team
The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team of ten individuals facilitates information security governance and compliance by assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2), implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative phishing campaigns.
About the Opportunity
As the Executive Director, Information Security, Governance, Risk and Compliance (ISGRC), you directly reduce risk and ensure compliance with secure practices. You are a strong and proven leader with a comprehensive understanding of security-focused governance, risk, and compliance functions, who will set the vision, mission, and strategy for the ISGRC team ensuring that College Board meets or exceeds the relevant information security compliance standards. You are an effective manager who will drive the team’s development, engagement, and success through the design, communication, and achievement of strategic goals.
In this role, you will engage in:
Team Management (35%)
Effectively manage, guide, and support ten team members, including two direct reports, to ensure they are engaged and working effectively with their respective teams towards accomplishing ISGRC and organizational goals
Strategy & Communication (35%)
Develop a deep understanding of College Board business priorities
Develop and maintain strong partnerships with leaders in IT and the various business units, including by providing strong contributions that deliver business value
Craft a compelling vision and strategic plan grounded in security-focused governance, risk, and compliance functions to directly reduce risk to the organization and ensure compliance with industry-recognized certifications (ISO 27001, PCI-DSS and SOC2) at all levels of the organization
Drive internal efficiency and productivity and enhance ISGRC services through standardization, simplification, process re-engineering, and cross-team alignment
Design & Implementation (30%)
Assess and enhance ISGRC’s risk assessment and reporting, audit, compliance, policy, and security awareness activities to ensure compliance
Assess and enhance the assessment experience both organization-wide and for external vendors to reduce risk, add actual and perceived value, and increase efficiency
Manage technology-based systems that enhance information security assessments, facilitate efficient and meaningful analyses of data to evaluate compliance, and engage in requisite mitigation or remediation of risks to the organization
Identify metrics and design reports to be used across the organization to better understand information security risk and compliance
About You
You have:
Expertise in risk management techniques, information security, and privacy frameworks
10+ years of experience in security and/or general IT operational settings
7-10 years of experience in security audit, compliance, and third-party risk management
Exceptional knowledge of InfoSec governance practices including risk, audit, policy and standard development, metrics development, and education and training
Experience with audits such as SOX, SOC2 or similar types of audits and third-party risk
Understanding of risk and risk management
Proven ability to set vision and direction, then manage others to meet aligned goals and metrics
Adept problem-solving skills, including use and analysis of data to inform decisions and actions
Excellent verbal and written communication skills, including the ability to negotiate, inspire, persuade, and facilitate meetings and presentations both remotely and in-person to your team and to groups of 15 or more
Proven ability to collaborate, build relationships, and influence others to action
Ability to travel to our Reston or New York office 3-4 times per quarter
Experience managing relationships with third-party resources and vendors
Outstanding knowledge of emerging trends and best practices in the field of security-focused governance, risk, and compliance
Bachelor’s degree required, and one or more current Information Security and/or Privacy certifications preferred
About Our Culture
Our community matters, and we strive to practice and improve our culture daily. Here are some headlines:
We are motivated to positively impact the educational and career trajectories of millions of students a year
We prioritize building a diverse and inclusive team where every employee can thrive, and every voice is heard
We welcome staff to join any or all six of our affinity groups: ARISE (Alliance for Asian Retention, Inclusion, Success, and Engagement); DIASPORA (Alliance for Pan-African Success and Achievement); Pride (alliance for LGBTQ+ staff and allies); Resilience (alliance for Native staff and advocates); SALSA (Staff Alliance for Latinx Success and Achievement); and WIN (Women’s Impact Network)
We value learning and growth; we offer formal and informal ways to lead through your superpowers, sharpen your strengths, and meet your development goals
We know that our impact is strongest together. Our College Board Cares program offers all staff up to $1,000 annual match of charitable contributions to partner non-profit organizations
We offer a transparent approach to promotions and merit raises, annual performance-based bonuses, and how to grow your career here over time
Our high-performing team works with the latest technologies, so you will constantly learn and sharpen your skills