
Senior Director, Cybersecurity Governance, Risk, and Compliance
Brookaire Company
full-time
Location Type: Remote
Location: Remote • Virginia • 🇺🇸 United States
Salary
💰 $190,000 - $230,000 per year
Job Level
Senior
Tech Stack
Cyber Security
About the role
- Own the cyber GRC framework: Establish and continuously improve the organization’s IT and cybersecurity governance model to drive measurable risk reduction aligned with business objectives.
- Set policy & standards: Develop, implement, and enforce global IT and cybersecurity policies, standards, and procedures that meet international and regional regulations.
- Advise leadership: Lead the cybersecurity committee/working group; provide regular, executive-ready updates to senior leadership and the board on risk posture and program performance.
- Run enterprise risk management for cyber/IT: Build and execute comprehensive risk assessment processes, identify vulnerabilities, prioritize mitigations, and track remediation to closure.
- Manage third-party risk: Partner with IT, operations, and business units to assess and monitor vendor and partner risks across the lifecycle.
- Measure what matters: Define KRIs and metrics to monitor risk levels and drive decisions, reporting trends and insights to stakeholders.
- Lead compliance programs: Ensure and maintain compliance with global regulations (e.g., GDPR, CCPA) and frameworks (e.g., NIST, ISO 27001); lead internal/external audits and close findings.
- Sustain certifications: Maintain and improve certifications and attestations (e.g., SOC 2, HIPAA, PCI DSS), coordinating with legal and privacy teams.
- Build capability & culture: Lead and mentor a high-performing team; develop training and awareness to strengthen a security-first mindset across the organization.
Requirements
- Bachelor’s degree in cybersecurity, computer science, information systems, or related field.
- 10+ years in cybersecurity with significant GRC leadership experience.
- Deep knowledge of global frameworks and regulations (e.g., ISO 27001, NIST CSF, GDPR, CCPA).
- Proven track record conducting risk assessments, leading audits, and sustaining compliance certifications (e.g., SOC 2, HIPAA, PCI DSS).
- Strong leadership and program/project management skills with the ability to manage multiple priorities in a dynamic, global environment.
- Excellent communication and stakeholder management skills, including presenting to senior leadership and boards.
Benefits
- Comprehensive health coverage for you and your family
- Generous leave and time off
- Competitive retirement plans
- Flexible work options
- Wellness, education, and support programs
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
cybersecurity governance, risk assessment, compliance audits, policy development, risk management, vendor risk assessment, metrics definition, program management, cybersecurity frameworks, vulnerability management
Soft skills
leadership, communication, stakeholder management, mentoring, training development, organizational skills, decision making, team building, presentation skills, dynamic prioritization
Certifications
CISSP, CISM, ISO 27001, SOC 2, HIPAA, PCI DSS, NIST CSF, CCPA, GDPR, ITIL