Director, Governance, Risk & Compliance
Accommodations Plus International
Director of Governance, Risk Management & Compliance leading API's global IT and security GRC program. Overseeing cyber risk management framework and regulatory compliance posture.
Tech Stack
Tools & technologies
AWS, Azure, Cloud, Cyber Security
About the role
Key responsibilities & impact
- Lead organization-wide risk analysis, maintaining a risk register with documented remediation and mitigation plans.
- Serve as the primary advisor on information security risks to security management and business unit leads.
- Establish and own the strategy for managing security audits, compliance checks, and external assessments — including GDPR, SOC 2, ISO 27001, CCPA, and other applicable standards.
- Liaise with internal and external auditors to implement and sustain required controls.
- Build and manage a comprehensive vendor risk program, evaluating the cybersecurity and data protection controls of third parties, vendors, and business partners.
- Drive ongoing security program improvement by amplifying areas of strength and developing actionable plans to address gaps.
- Lead data governance and data protection programs, ensuring alignment with enterprise risk management principles and up-to-date documentation of systems and processes.
- Facilitate IT compliance across identified controls, including IT general controls (ITGCs), application, cloud, and cybersecurity controls.
- Document, communicate, and enforce security policies that balance risk with business operations.
- Champion cybersecurity best practices across all business units to reduce the organization’s attack surface.
- Oversee GRC-related incident response activities, tracking occurrences and resolutions with strict documentation and reporting protocols.
- Manage the access review process to ensure appropriate access is consistently granted, maintained, and revoked.
Requirements
What you’ll need
- 7–10+ years of experience in cybersecurity, spanning security analysis, compliance and regulatory affairs, risk management, or audit.
- Demonstrated experience leading and managing GRC programs, including risk registers, remediation planning, and executive-level reporting.
- Proven track record managing security audits and assessments for SOC 2, ISO 27001, GDPR, CCPA, and other standards; familiarity with PCI, HITRUST, and GLBA is a plus.
- Hands-on experience with vendor and third-party risk management programs, including evaluation of cybersecurity and data protection controls.
- Experience with incident response tracking, documentation, and reporting.
- 2+ years of experience with AWS and/or Microsoft Azure cloud security configuration and management preferred.
Benefits
Comp & perks
- Medical, Dental, and Vision insurance
- Flexible Spending Accounts for childcare and healthcare
- 401(k) with matching
- Basic Life Insurance and voluntary options including short-term disability, hospital, accident, and pet discounts at select hotels
ATS Keywords
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
risk analysis, security audits, compliance checks, vendor risk management, incident response, data governance, IT general controls, cybersecurity controls, remediation planning, executive-level reporting
Soft Skills
leadership, communication, organizational skills, advisory skills, strategic planning, collaboration, problem-solving, policy enforcement, program improvement, stakeholder engagement
Certifications
SOC 2, ISO 27001, GDPR, CCPA, PCI, HITRUST, GLBA