Senior Director, Cybersecurity Governance, Risk, and Compliance

Job not on LinkedIn

3 hours ago

⚔️ Virginia – Remote

Although this job is listed in Virginia, this company may be open to hiring remote in other states.

💵 $190k - $230k / year

⏰ Full Time

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

Apply Now

Receive Emails with Similar Jobs

Brookaire Company

WebsiteLinkedInAll Job Openings

Manufacturing • Retail • Transport

Brookaire Company is a third-generation family-operated business specializing in the manufacturing and distribution of HVAC air filters and V-belts across the United States. Since 1974, the company has focused on providing exceptional customer service and high-quality products, catering to industries such as commercial buildings, data centers, healthcare, pharmaceuticals, and schools. Brookaire offers a wide range of products, including custom size air filters and belts, with services like scheduled job site delivery and air filter disposal to enhance customer convenience. Their reputation for reliable and efficient service has made them a leading choice in HVAC maintenance supplies, with a large inventory available for quick delivery.

51 - 200 employees

Founded 1977

🛒 Retail

🚗 Transport

📋 Description

• Own the cyber GRC framework: Establish and continuously improve the organization’s IT and cybersecurity governance model to drive measurable risk reduction aligned with business objectives. • Set policy & standards: Develop, implement, and enforce global IT and cybersecurity policies, standards, and procedures that meet international and regional regulations. • Advise leadership: Lead the cybersecurity committee/working group; provide regular, executive-ready updates to senior leadership and the board on risk posture and program performance. • Run enterprise risk management for cyber/IT: Build and execute comprehensive risk assessment processes, identify vulnerabilities, prioritize mitigations, and track remediation to closure. • Manage third-party risk: Partner with IT, operations, and business units to assess and monitor vendor and partner risks across the lifecycle. • Measure what matters: Define KRIs and metrics to monitor risk levels and drive decisions, reporting trends and insights to stakeholders. • Lead compliance programs: Ensure and maintain compliance with global regulations (e.g., GDPR, CCPA) and frameworks (e.g., NIST, ISO 27001); lead internal/external audits and close findings. • Sustain certifications: Maintain and improve certifications and attestations (e.g., SOC 2, HIPAA, PCI DSS), coordinating with legal and privacy teams. • Build capability & culture: Lead and mentor a high-performing team; develop training and awareness to strengthen a security-first mindset across the organization.

🎯 Requirements

• Bachelor’s degree in cybersecurity, computer science, information systems, or related field. • 10+ years in cybersecurity with significant GRC leadership experience. • Deep knowledge of global frameworks and regulations (e.g., ISO 27001, NIST CSF, GDPR, CCPA). • Proven track record conducting risk assessments, leading audits, and sustaining compliance certifications (e.g., SOC 2, HIPAA, PCI DSS). • Strong leadership and program/project management skills with the ability to manage multiple priorities in a dynamic, global environment. • Excellent communication and stakeholder management skills, including presenting to senior leadership and boards.

🏖️ Benefits

• Comprehensive health coverage for you and your family • Generous leave and time off • Competitive retirement plans • Flexible work options • Wellness, education, and support programs